carloslaso
asked on
ISA Server Basic Configuration Cont??
I followed the explanation by keith_alabaster on question ID 22454299 on the basic configuration on ISA server 2006, the server has two nic cards, one is for internet access and the other is for handling internal traffic to our programs. The server allows users access to the internet depending on the proxy configuration or denies it by proxy misconfiguration on group policies, but now we want to use ISA server to allow limited access. What kind of network template should I use when configuring ISA? As soon as I install it the server loses internet access because I only declare the internal network the nic card without gateway nor dns info. I don't know how to declare the other card that allows the internet and has all the router info. Is there a second part to that question?
ASKER
So I should not declare the nic I use to handle internal traffic? Should I declare the one that has internet access as the internal and use the Front-end template?
??
The NIC that has internet access is the external, the other is the internal. When you run the template, you will be asked to give ip addresses on the internal card only - and MUST include ALL internal addresses. So do NOT add all private addresses, just enter those relevant to your internal network.
For example, if you have 192.168.10.200 as the ip address on the uinternal nic, you would enter 192.168.10.0 - 192.168.10.255. All addresses includes the Network ID and the broadcast address. ALL IP addresses NOT entered into the LAT, when it prompts, will be treated as external from your inside network.
The NIC that has internet access is the external, the other is the internal. When you run the template, you will be asked to give ip addresses on the internal card only - and MUST include ALL internal addresses. So do NOT add all private addresses, just enter those relevant to your internal network.
For example, if you have 192.168.10.200 as the ip address on the uinternal nic, you would enter 192.168.10.0 - 192.168.10.255. All addresses includes the Network ID and the broadcast address. ALL IP addresses NOT entered into the LAT, when it prompts, will be treated as external from your inside network.
ASKER
I configures ISA using the EDGE network template and i am able to ping yahoo and google but i cannot do anything more, i noticed that the DHCP server disconnects as soon as i close that window.
The internal nic MUST have dns info - it must point to the internal dns server.
The internal nic does not have a default gateway.
The external nic MUST NOT have dns info
The external nic WILL have a default gateway of the external router.
The Internal DNS server MUST have its forwarders set to point at the external (ISP) dns servers.
What DHCP server? ISA nics (internal & external) should have static ip addresses or their respective subnets.
The internal nic does not have a default gateway.
The external nic MUST NOT have dns info
The external nic WILL have a default gateway of the external router.
The Internal DNS server MUST have its forwarders set to point at the external (ISP) dns servers.
What DHCP server? ISA nics (internal & external) should have static ip addresses or their respective subnets.
ASKER
I will try some of those MUSTs and WILLs, I may have put something wrong there.
As for the DHCP server, is that needed to assign IPs to the PCs being protected or controlled by ISA Server or they also have to have Static IP Addresses?
I only have one server where I installed Windows 2003 and ISA 2006, is that allowed or should I have a different server just for ISA? If so, can it be installed on a virtual pc or a separate box (server) is required?
As for the DHCP server, is that needed to assign IPs to the PCs being protected or controlled by ISA Server or they also have to have Static IP Addresses?
I only have one server where I installed Windows 2003 and ISA 2006, is that allowed or should I have a different server just for ISA? If so, can it be installed on a virtual pc or a separate box (server) is required?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I forgot to mention that I got Internet explorer to work on the server (not on the PCs), using the info on the last post of the following link: http://tinyurl.com/6cxgsm , but not firefox, tzo and some other apps. I still need to check some of the IPs that I may have put wrong in the DNS of the nics
ASKER
I'm accepting this as an answer because all of what the author posted helped me get Internet to the server, Internet access to the rest of the programs can be investigated on different questions on this forum or using the search option.
Thanks :)
The main difference is that as a front-end firewall ISA will provide the NAT function to 'hide' the internal IP addresses by default. To be honest, this is the option I always use when I do not have DMZ interfaces involved on the ISA itself.
Keith