Do we need RRAS to enable Routing on ISA 2006 machine for MultiNIC Config?

Hi,

I am installing ISA 2006 Enterprise Edition on a server. I plan to install COnfiguration Storage Server and ISA Services on the same server . (Is it ok to go?)

I have two NICs on it.

NIC1 10.0.8.x          NAt to a Public IP
NIC2  10.0.25.x       Local LAN

Now one of my friends said that I need to install RRAS in order to enable routing on this.

For now I have not installed ISA or CSS on this server.

It's a windows 2003 SP2 server not yet joined to the domain.

Kindly help me in installing ISA EE correctly please.

Regards.
Amir4uAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Keith AlabasterConnect With a Mentor Enterprise ArchitectCommented:
your last sentence is similar to 'Kindly help me carry out brain surgery - via email'.
However, to answer your question, no - you do need to install RRAS separately.
Also, ISA uses the routing provided by the ISA host operating system.
0
 
Amir4uAuthor Commented:
Thanx keith for the answer ....

is it possible to ask another question ? regarding how to put DNS in public NIC and Local NIC ? i.e. ISP DNS in Public NIC + Local DNS or just ISP DNS

Also on PRivate NIC - Just Local DNS or no DNS

I will be thankful for this favor ...

Regards.
0
 
Keith AlabasterEnterprise ArchitectCommented:
other way round. the internal dns server ip address should be on both the ISA internal AND external nic. The ISP DNS should NOT be placed on ISA Server. The ISP dns server ip addresses should be in the forwarder tab of the internal dns servers.

to put it more clearly, no internal server or workstation should include the ISP dns server ip addresses in their NIC tcpip settings. The ISP dns server addresses should ONLY be in the forwarder tab of the internal dns servers inside the DNS service mmc snapin.
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
Keith AlabasterEnterprise ArchitectCommented:
just remember to add an access rule for DNS from internal to external
0
 
Amir4uAuthor Commented:
thanx,
you wold be amazed to know(or may be not) that our local  DNS server does not forward any request to our ISP DNS. It only resolves locally.

Our exchange server  has local IP which is NAT ed and on it's NIC the ISP DNS address is given.

Our current ISA2000 is working the same way. it is configured with local IP which is NAT ed and it's both DNS are ISP DNS

SO now I am configuring my Edge FIrewall ISA 2006 EE with Multi NIC  I also have a local IP on PUBLIC NIC which is NAT ed  and so shud I not put both DNS as ISP DNS there and for the PRIVATE NIC which has a local IP also from another subnet the local DNS IP?

I hope i didn't make a mess of this explanation..
0
 
Keith AlabasterEnterprise ArchitectCommented:
No - i have explained where it should go already. Put the ISP dns on ISA and you will have trouble. If you want to do it differently then that is your call if you want to ignore best-practice.
0
All Courses

From novice to tech pro — start learning today.