cknapp78

How do I configure an ISA 2006 Server (specifically the NICs) for Public IP Passthrough?

All,

Great site. Have been using it for almost 9 months and wouldn't trade a minute of my subscription.  Have an issue I need some help with...

I have a company network which is using MS ISA Server 2006 in a 3 Tier mode.  We are also using MS Office Communications Server 2007 and as a result I have an OCS Edge Server in the Perimeter Network. I had originally just been NAT'ing the one IP address to a private perimeter network address (Access Edge).  However, now that we are moving to Live Meeting and Audio/Video, I need a public IP address for the A/V Edge NIC.

As a result, I upgraded my Telco lines and purchased a block of 13 IP addresses.

So I have configured my ISA Server as follows...

External NIC - xxx.68.71.115
Internal NIC - 10.1.10.1
Perimeter NIC - xxx.68.71.117

Network Rule is setup to allow Route and not NAT to the Perimeter network.

On the OCS Side, I have an edge server with the following IP Addresses...xxx.68.71.118-120.

For some reason I can not ping the Perimeter from the ISA Server and the ISA Server from the Perimeter.  There is no traffic to speak of going between the two zones.  I can not figure out why.

Don't know if this is a rule issue in ISA or a NIC configuration error.  Any help would be appreciated.
Keith Alabaster

You are not supposed to be able to.
Edit the ISA System policy (not the firewall policy) and enable ICMP between the two network entities if you really want to be able to do this.
cknapp78

ASKER

Do I need to edit this for passthrough of any protocol between the two zones?  I had it working in the past on NAT but not in routing.
No - It is for traffic that is directed to/from ISA itself as opposed to passthrough.
I guess I am missing something then.

I have been doing this for over 12 years and have drawn a blank.  Is there any way to get a public IP passthrough to a server in the perimeter network?
What, exactly, are you trying to achieve? Maybe I am mis-reading your question.
I am trying to allow traffic over port 5061 (among others) to an edge server in my perimeter network.  The glitch is that I need to assign these server NICs with public IP addresses.  NAT'ing them is not allowed.

In essence, I need to go from an outside client, through my ISA Box, to the Edge Server, without actually using the ISA IP address.  For example, my ISA outside address is xxx.68.71.115.  I have the Edge Server set for xxx.68.71.118-120.  I need to allow the client on the external network access to the edge server.
Half of me wonders if I even have the NICs set up on the ISA box correctly.  They are as follows...

External Network
IP - xxx.68.71.115
Gateway - xxx.68.71.1
Subnet - 255.255.255.0

Internal Network
IP - 10.1.10.1
Gateway - 255.255.255.0

Perimeter Network
IP - xxx.68.71.117
Subnet - 255.255.255.0


My edge server has 3 NICs within the perimeter network with addresses xxx.68.71.118-120 and one internal NIC with an address of 10.1.10.102 and a Gateway on the Internal NIC of 10.1.10.1.  Any help is appreciated.
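
One check worth running on an adapter layout like the one listed above is whether any two adapters of the firewall sit in the same IP subnet, since a routed (non-NAT) relationship needs each network on its own prefix. This is an added example, not code from the thread or from Microsoft; the 203.0.113.x octet, the Internal mask and the whole `SPLIT` layout are constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample. The post masks the first octet as "xxx"; 203.0.113.x
# (a documentation range) stands in for it and is assumed to be the same on
# both public adapters. The Internal mask of 255.255.255.0 is an assumption.
POSTED = {
    "External":  ("203.0.113.115", "255.255.255.0"),
    "Internal":  ("10.1.10.1",     "255.255.255.0"),
    "Perimeter": ("203.0.113.117", "255.255.255.0"),
}

# Hypothetical layout, used only to show the check passing: the perimeter
# adapter is moved to its own small prefix. These values are not from the page.
SPLIT = {
    "External":  ("203.0.113.115", "255.255.255.128"),
    "Internal":  ("10.1.10.1",     "255.255.255.0"),
    "Perimeter": ("203.0.113.129", "255.255.255.248"),
}


def connected_networks(adapters):
    """Map each adapter name to the network its address and mask place it on."""
    return {name: ipaddress.ip_interface(f"{ip}/{mask}").network
            for name, (ip, mask) in adapters.items()}


def overlapping_adapters(adapters):
    """Return sorted pairs of adapters whose connected subnets overlap."""
    nets = connected_networks(adapters)
    return sorted((a, b) for a, b in combinations(sorted(nets), 2)
                  if nets[a].overlaps(nets[b]))


def on_link_adapters(adapters, destination):
    """Return the adapters that treat `destination` as directly connected."""
    dst = ipaddress.ip_address(destination)
    nets = connected_networks(adapters)
    return sorted(name for name, net in nets.items() if dst in net)


if __name__ == "__main__":
    # 203.0.113.118 stands in for the first edge server address in the post.
    for label, layout, edge in (("posted", POSTED, "203.0.113.118"),
                                ("split", SPLIT, "203.0.113.130")):
        print(label, overlapping_adapters(layout), on_link_adapters(layout, edge))
```

With the posted masks, both public adapters report the edge server address as on-link, so the host holds two connected routes for the same prefix.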
ASKER CERTIFIED SOLUTION
Keith Alabaster