Solved

Public IP addresses configuration in ISA 2004

Posted on 2006-11-20
3
198 Views
Last Modified: 2013-11-16
Greetings. I have a Web and Exchange server that I want to move behind an ISA 2004 Firewall. The two servers have public addresses that are associated with their own DNS records. Example:

mail.domain.com = XXX.XXX.XXX.XXX
web.domain.com = XXX.XXX.XXX.XXX

Currently these servers have two NIC's one public and one private. The ISA server is a third server. My question is, once I move these two servers behind the ISA where do I put the public IP addresses? Do I need to add them to the ISA servers and keep only internal IP on the servers or do I keep them on each server and redirect traffic there. I'd like for ISA to control the traffic going to these boxes. What would be my best and mosrt secure option?

Thanks!
0
Comment
Question by:menendeza
  • 2
3 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 125 total points
ID: 17986551
On your external router, redirect traffic for both addresses to the external nic of the isa.

On the ISA, use the publishing rules to redirect the traffic to the internal IP addresses (do NOT use server names in the publishing rules,just IP addresses). In the mail server publishing rule, its extremely straight forward, in the web publishing rule, in addition to the ip address of the now internal web server you will also put in the FQDN for the site it is to respond to i.e. www.yourdomain.co.uk etc. This is the most common way of doing things allowing the external nic of the ISA and its link to the internal nic of the external firewall to operate across a private network range giving you an additional security zone.

Alternatively, if you are bridging the addresses, put both real IP's on the ISA server external NIC. It would be important though to ensure that the physical NIC matches the IP address assigned to your MX record else you may fall foul of the reverse DNS issues.

Keith
0
 

Author Comment

by:menendeza
ID: 17987782
Thank you very much Keith.

I guess, since we don't manage the router (ISP does) I use the second option for adding the external IP's to the external NIC of the ISA.  Appreciate your help!

Angel
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17989537
:)
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now