Solved

Public IP addresses configuration in ISA 2004

Posted on 2006-11-20
Last Modified: 2013-11-16
Greetings. I have a Web and Exchange server that I want to move behind an ISA 2004 Firewall. The two servers have public addresses that are associated with their own DNS records. Example:

mail.domain.com = XXX.XXX.XXX.XXX
web.domain.com = XXX.XXX.XXX.XXX

Currently these servers have two NICs, one public and one private. The ISA server is a third server. My question is, once I move these two servers behind the ISA, where do I put the public IP addresses? Do I need to add them to the ISA servers and keep only internal IPs on the servers, or do I keep them on each server and redirect traffic there? I'd like for ISA to control the traffic going to these boxes. What would be my best and most secure option?

Thanks!
Question by:menendeza

Accepted Solution

by:
Keith Alabaster earned 125 total points
ID: 17986551
On your external router, redirect traffic for both addresses to the external NIC of the ISA.

On the ISA, use the publishing rules to redirect the traffic to the internal IP addresses (do NOT use server names in the publishing rules, just IP addresses). In the mail server publishing rule, it's extremely straightforward; in the web publishing rule, in addition to the IP address of the now internal web server, you will also put in the FQDN for the site it is to respond to, i.e. www.yourdomain.co.uk etc. This is the most common way of doing things, allowing the external NIC of the ISA and its link to the internal NIC of the external firewall to operate across a private network range, giving you an additional security zone.

Alternatively, if you are bridging the addresses, put both real IPs on the ISA server external NIC. It would be important though to ensure that the physical NIC matches the IP address assigned to your MX record, else you may fall foul of the reverse DNS issues.

Keith
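
The reverse DNS caveat in the answer above, as an added example that is not part of the original thread: a check that the address the firewall sends mail from is the mail host's address and that its PTR record resolves back to it. The function name, the `example.com` names and the 203.0.113.x documentation addresses are constructed for illustration, and the check assumes receiving servers do a forward-confirmed reverse lookup on the sending address.

```python
import socket

def _forward(name):
    """Live DNS: set of IPv4 addresses a hostname resolves to."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def _reverse(ip):
    """Live DNS: PTR hostname for an address, or None if there is none."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def check_mail_source(mail_host, source_ip, forward=_forward, reverse=_reverse):
    """Return a list of problems; an empty list means the setup is consistent.

    mail_host - name the MX record points at
    source_ip - address the firewall's external NIC uses for outbound SMTP
    """
    problems = []
    mail_ips = forward(mail_host)
    if not mail_ips:
        problems.append(f"{mail_host} has no A record")
    elif source_ip not in mail_ips:
        problems.append(f"{source_ip} is not the address of {mail_host}")
    ptr = reverse(source_ip)
    if ptr is None:
        problems.append(f"{source_ip} has no PTR record")
    elif source_ip not in forward(ptr.rstrip(".").lower()):
        problems.append(f"PTR {ptr} does not resolve back to {source_ip}")
    return problems

# Constructed sample zone (RFC 5737 documentation addresses), not real records.
A = {"mail.example.com": {"203.0.113.10"}, "web.example.com": {"203.0.113.11"}}
PTR = {"203.0.113.10": "mail.example.com", "203.0.113.11": "web.example.com"}

def fwd(name):
    return A.get(name, set())

def rev(ip):
    return PTR.get(ip)

if __name__ == "__main__":
    # Mail address is the sending address: no problems reported.
    print(check_mail_source("mail.example.com", "203.0.113.10", fwd, rev))
    # Web address ended up as the sending address: mismatch reported.
    print(check_mail_source("mail.example.com", "203.0.113.11", fwd, rev))
```

Called without the last two arguments, the function queries live DNS through the system resolver.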

Author Comment

by:menendeza
ID: 17987782
Thank you very much Keith.

I guess, since we don't manage the router (ISP does), I use the second option for adding the external IPs to the external NIC of the ISA. Appreciate your help!

Angel

Expert Comment

by:Keith Alabaster
ID: 17989537
:)