Solved

Using ISA 2006 AND Demand Dial interface on single Nic

Posted on 2008-10-29
5
423 Views
Last Modified: 2013-11-16
I have a system (VMWare ESX with single virtual NIC available) with Server 2003 and ISA 2006. This client is moving in a month and need to setup an inbound proxy between the internet and inside. I can set firewall rules for HTTPS (for OWA and RPC over HTTP), SMTP, etc and have them go to the DMZ port (on a Snapgear) where it is routed the following way:

OWA/Mobile Mail/HTTPS = .2 (ISA)
Anything else = .3 (RRAS)

So now the .2 will proxy and be a forwarder inside. Anything else is then set to go to RRAS where a demand dial L2TP connection is established and it is shot internally to a RRAS server there.


An ASCII diagram:

                               INTERNET ----- Firewall ------ Internal (192.168.5.0)
                                                          |
                                                          |
                                                          |
                                                      DMZ (192.168.4.0)
                                                          |

                                                       ISA (.4.2)
                                                       Demand Dial (.4.3)

So traffic comes in through internet, Firewall points it to the DMZ to a specific IP depending on port, DMZ then pushes to the mail server on the .5 subnet.


Questions:
1) I know I can setup two IP addresses on one NIC. Can I define ISA to listen to only ONE of those IP addresses for the OWA part?
2) I know I can filter the traffic on demand dial connections. Can I have it listen only on one IP address?
3) Is this possible on one NIC? If not, do questions 1 and 2 still work in a 2 NIC/1 subnet solution?
4) If not to #1-3 (or if it is easier), can you tell me a way to get this done with a proxy solution, etc?


Thanks.
0
Comment
Question by:kirk_lesser
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22836140
1. Yes. Once you have the second IP address bound on the ISA nic, when you run the publishing rule and select the external interface to listen on, you will see the addresses tab - in here you can select the specific ip to listen on.
2. Don't think so - the second IP is a virtual one ( an arp effectively) so I doubt it would differentiate that way.
3 - As above.
4. personally I have never used a demand-dial so cannot comment on its operation - ISA is my bag and the only demand-dial parts have been for outbound.

Keith
0
 

Author Comment

by:kirk_lesser
ID: 22871627
On #1) Where can I do this? I open up properties for the rule, go to networks, select the external network, click on addresses, click on the specific addresses checkbox but it doesn't let me pick IP addresses. I have set two on the NIC already...

0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 22880182
So you can ping both addresses that are now added to the tcpip settings on the ISA external nic?
When you open the addresses tab - can you actually see both addresses listed when editing the publishing rule ? If you can then you should be able to pick the option to select to listen to one address (the default is to listen on ALL listed IP addresses) and then pick the individual address you want that listener associated with.
0
 

Author Closing Comment

by:kirk_lesser
ID: 31511432
I am going to repost the question as the situation has changed.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22888229
OK - will watch out for it :)
0

Featured Post

Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question