Solved

Public IP addresses configuration in ISA 2004

Posted on 2006-11-20
Last Modified: 2013-11-16
Greetings. I have a Web and Exchange server that I want to move behind an ISA 2004 Firewall. The two servers have public addresses that are associated with their own DNS records. Example:

mail.domain.com = XXX.XXX.XXX.XXX
web.domain.com = XXX.XXX.XXX.XXX

Currently these servers have two NICs, one public and one private. The ISA server is a third server. My question is, once I move these two servers behind the ISA, where do I put the public IP addresses? Do I need to add them to the ISA servers and keep only internal IP on the servers, or do I keep them on each server and redirect traffic there? I'd like for ISA to control the traffic going to these boxes. What would be my best and most secure option?

Thanks!
Question by:menendeza
Accepted Solution

by:
Keith Alabaster earned 125 total points
ID: 17986551
On your external router, redirect traffic for both addresses to the external NIC of the ISA.

On the ISA, use the publishing rules to redirect the traffic to the internal IP addresses (do NOT use server names in the publishing rules, just IP addresses). In the mail server publishing rule, it's extremely straightforward; in the web publishing rule, in addition to the IP address of the now internal web server, you will also put in the FQDN for the site it is to respond to, i.e. www.yourdomain.co.uk etc. This is the most common way of doing things, allowing the external NIC of the ISA and its link to the internal NIC of the external firewall to operate across a private network range, giving you an additional security zone.

Alternatively, if you are bridging the addresses, put both real IPs on the ISA server external NIC. It would be important though to ensure that the physical NIC matches the IP address assigned to your MX record, else you may fall foul of the reverse DNS issues.

Keith
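The reverse DNS point in the answer above can be checked after the addresses are moved to the ISA external NIC. The following is an added example, not part of the original answer: it verifies that the address mail leaves from, the mail host's A record and the PTR record all agree. The host names, the 192.0.2.x addresses and the sample zone data are constructed placeholders.

```python
import socket

def live_ptr(ip):
    """PTR lookup via the system resolver; returns a list of names."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def live_a(host):
    """A-record lookup via the system resolver; returns IPv4 addresses."""
    try:
        return socket.gethostbyname_ex(host)[2]
    except OSError:
        return []

def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def check_mail_ip(mx_host, sending_ip, ptr=live_ptr, a=live_a):
    """Return a list of problems; an empty list means forward and reverse DNS agree."""
    problems = []
    if sending_ip not in a(mx_host):
        problems.append(f"{mx_host} does not resolve to {sending_ip}")
    names = [norm(n) for n in ptr(sending_ip)]
    if not names:
        problems.append(f"no PTR record for {sending_ip}")
    elif norm(mx_host) not in names:
        problems.append(f"PTR for {sending_ip} is {names}, not {mx_host}")
    # Forward-confirm: at least one PTR name must resolve back to the same address.
    if names and not any(sending_ip in a(n) for n in names):
        problems.append(f"PTR names {names} do not resolve back to {sending_ip}")
    return problems

# Constructed sample zone data (documentation address range, not from the page).
A_RECORDS = {"mail.example.com": ["192.0.2.10"], "web.example.com": ["192.0.2.11"]}
PTR_RECORDS = {"192.0.2.10": ["mail.example.com."], "192.0.2.11": ["web.example.com."]}

def sample_a(host):
    return A_RECORDS.get(norm(host), [])

def sample_ptr(ip):
    return PTR_RECORDS.get(ip, [])

if __name__ == "__main__":
    # Mail leaves from the address the mail host's A record points at: no problems.
    print(check_mail_ip("mail.example.com", "192.0.2.10", sample_ptr, sample_a))
    # Mail leaves from the web server's address instead: two mismatches reported.
    print(check_mail_ip("mail.example.com", "192.0.2.11", sample_ptr, sample_a))
```

Calling `check_mail_ip` with only the first two arguments uses the system resolver instead of the sample data.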
Author Comment

by:menendeza
ID: 17987782
Thank you very much Keith.

I guess, since we don't manage the router (ISP does), I use the second option for adding the external IPs to the external NIC of the ISA. Appreciate your help!

Angel
Expert Comment

by:Keith Alabaster
ID: 17989537
:)