Solved

Setting up ISA 2006 in a DMZ on one NIC

Posted on 2008-10-21
2
489 Views
Last Modified: 2008-11-17
I have a system (VMWare ESX with single virtual NIC available) with Server 2003 and ISA 2006. This client is moving in a month and need to setup a proxy between the internet and inside. I can set firewall rules for HTTPS (for OWA and RPC over HTTP), SMTP, etc and have them go to the DMZ port where the ISA server will be stationed. Once the traffic is in the DMZ (on a Snapgear) , I need to setup the ISA to then send it to the internal IP (I can route through the firewall potentially). This needs to be done for a few ports for development, mail, HTTP over RPC, and HTTPs.

I also need to have all internal traffic go through this DMZ port to then be converted to the outbound internet traffic.

An ASCII diagram:

                               INTERNET ----- Firewall ------ Internal (192.168.5.0)
                                                          |
                                                          |
                                                          |
                                                      DMZ (192.168.4.0)

So email comes in through internet, Firewall points it to the DMZ, DMZ then pushes to the mail server on the .5 subnet.


Questions:

1) Can this be done on one NIC? How is the best way to set this up with the three networks on the ISA server? (I see the configuration on the ISA server for local, external, and quarantine zones).
2) Will this work within ESX?
3) I have heard of issues with ISA and things like OWA and HTTP over RPC. Any recommendations?



0
Comment
Question by:kirk_lesser
2 Comments
 
LVL 5

Expert Comment

by:lecaf
ID: 22771232
1. I don't think its possible you need 2 NICS (Isa merit this ¬10 investment)
2. why not
3. works fine ISA is the only FW (I knwo of) able to filter RPC over HTTP so you need it.

I already used this desing

Internet ----- FW ----- ISA ----- DMZ with front end (exchange)
                                    -
                                    -
                                    FW  -----  LAN


m  a r  c  
0
 

Accepted Solution

by:
kirk_lesser earned 0 total points
ID: 22772236
Anyone else agree/disagree?
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
In all versions of ISA Server and the current version of FTMG, the default https protocol uses TCP port 443 and 563 only. This cannot be changed within the ISA or FTMG GUI and must be completed from a Windows cmd prompt on the ISA Server itself. …
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now