Using ISA 2006 AND Demand Dial interface on single NIC
Posted on 2008-10-29
I have a system (VMware ESX with a single virtual NIC available) with Server 2003 and ISA 2006. This client is moving in a month and need to set up an inbound proxy between the internet and inside. I can set firewall rules for HTTPS (for OWA and RPC over HTTP), SMTP, etc., and have them go to the DMZ port (on a Snapgear) where it is routed the following way:
OWA/Mobile Mail/HTTPS = .2 (ISA)
Anything else = .3 (RRAS)
So now the .2 will proxy and be a forwarder inside. Anything else is then set to go to RRAS where a demand dial L2TP connection is established and it is shot internally to a RRAS server there.
An ASCII diagram:
INTERNET ----- Firewall ------ Internal (192.168.5.0)
Demand Dial (.4.3)
So traffic comes in through internet, Firewall points it to the DMZ to a specific IP depending on port, DMZ then pushes to the mail server on the .5 subnet.
1) I know I can set up two IP addresses on one NIC. Can I define ISA to listen to only ONE of those IP addresses for the OWA part?
2) I know I can filter the traffic on demand dial connections. Can I have it listen only on one IP address?
3) Is this possible on one NIC? If not, do questions 1 and 2 still work in a 2 NIC/1 subnet solution?
4) If not to #1-3 (or if it is easier), can you tell me a way to get this done with a proxy solution, etc?