Solved

Public IP addresses configuration in ISA 2004

Posted on 2006-11-20
Last Modified: 2013-11-16
Greetings. I have a Web and Exchange server that I want to move behind an ISA 2004 Firewall. The two servers have public addresses that are associated with their own DNS records. Example:

mail.domain.com = XXX.XXX.XXX.XXX
web.domain.com = XXX.XXX.XXX.XXX

Currently these servers have two NICs, one public and one private. The ISA server is a third server. My question is, once I move these two servers behind the ISA, where do I put the public IP addresses? Do I need to add them to the ISA server and keep only internal IPs on the servers, or do I keep them on each server and redirect traffic there? I'd like for ISA to control the traffic going to these boxes. What would be my best and most secure option?

Thanks!
Question by:menendeza
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 17986551
On your external router, redirect traffic for both addresses to the external NIC of the ISA.

On the ISA, use the publishing rules to redirect the traffic to the internal IP addresses (do NOT use server names in the publishing rules, just IP addresses). In the mail server publishing rule, it's extremely straightforward; in the web publishing rule, in addition to the IP address of the now internal web server, you will also put in the FQDN for the site it is to respond to, i.e. www.yourdomain.co.uk etc. This is the most common way of doing things, allowing the external NIC of the ISA and its link to the internal NIC of the external firewall to operate across a private network range, giving you an additional security zone.

Alternatively, if you are bridging the addresses, put both real IPs on the ISA server external NIC. It would be important, though, to ensure that the physical NIC matches the IP address assigned to your MX record, else you may fall foul of the reverse DNS issues.

Keith
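Added example, not part of the answer above: a check for the reverse DNS caveat in the bridged setup, confirming that the address mail leaves from matches the MX host's A record and has a PTR record that resolves back to it. The host names and 203.0.113.x addresses are constructed sample data, and treating the external NIC's primary address as the outbound SMTP source is an assumption.

```python
import socket

def live_forward(name):
    """Resolve a host name to its IPv4 addresses with the system resolver."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def live_reverse(ip):
    """Return the PTR name(s) for an address with the system resolver."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return [host] + aliases
    except OSError:
        return []

def check_mail_rdns(mx_host, outbound_ip, forward=live_forward, reverse=live_reverse):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    # 1. The MX host's A record must be the address mail is sent from.
    if outbound_ip not in forward(mx_host):
        problems.append(f"{mx_host} does not resolve to {outbound_ip}")
    # 2. That address needs a PTR record ...
    ptr_names = reverse(outbound_ip)
    if not ptr_names:
        problems.append(f"{outbound_ip} has no PTR record")
    # 3. ... and a PTR name must resolve back to it (forward-confirmed rDNS).
    elif not any(outbound_ip in forward(n) for n in ptr_names):
        problems.append(f"PTR {ptr_names} does not resolve back to {outbound_ip}")
    return problems

# Constructed sample zone data (documentation ranges, not from the thread).
A_RECORDS = {"mail.example.com": {"203.0.113.10"},
             "web.example.com": {"203.0.113.11"}}
PTR_RECORDS = {"203.0.113.10": ["mail.example.com"],
               "203.0.113.11": ["web.example.com"]}

def sample_forward(name):
    return A_RECORDS.get(name, set())

def sample_reverse(ip):
    return PTR_RECORDS.get(ip, [])

if __name__ == "__main__":
    # Second address models the web server's IP being the NIC's primary address.
    for ip in ("203.0.113.10", "203.0.113.11"):
        result = check_mail_rdns("mail.example.com", ip, sample_forward, sample_reverse)
        print(ip, result or "OK")
```

Calling `check_mail_rdns` with only the first two arguments uses the system resolver instead of the sample data.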
Author Comment

by:menendeza
ID: 17987782
Thank you very much Keith.

I guess, since we don't manage the router (ISP does), I use the second option for adding the external IPs to the external NIC of the ISA. Appreciate your help!

Angel
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17989537
:)