configure ISA 2006 Standard

Posted on 2009-04-15
Last Modified: 2012-05-06
I just installed fresh ISA 2006 on my network, and I just need basic configuration to make ISA work and to allow to allow http, https, FTP, SMTP, VPN.
any idea or documentation that you have
DNS and DHCP running on my DC.
Question by:ssalim1
    LVL 3

    Expert Comment

    Create the basic rule in firewall policy : Allow : selected protocols (add the basic protocols like http , https , pop3 , smpt ,,, ect ...) from Internal to External , add users , access hours ,,, and you are done ,,,,
    Regarding to VPN , go to Virtual Private Network and go with the procdures step by step , then return back and create VPN rule ,,, add users to the TelnetClient Group ,,,
    Go with the procedures stpe by step , in general its simple and easy ,,,

    Author Comment

    u made it very short for me, could u tell me bit more or at least steps.
    LVL 3

    Expert Comment

    Hi , sorry for that ,,,, explaining in details :
    - Run your Isa server , and go to Isa server manager
    - In the left pane , go to firewall policy , and you will find the default policy (on the middle pane) which is Deny everything , this policy should be always the last policy on this order ,,,
    - Know go the right pane and click on  Create Access rule
    - The access rule wizard will start (first box : create a name for your rule , click next - Second box chose Allow - next - third box 'Protocols' click add and chose the up mentioned portocols , click next , fourth box "access rule source' , chose you internal network , next , Destination source : chose your external net-interface
    - Next box 'users' - Select all users
    - Finnaly click finish
    Note that you may come back to this rule by clicking on it at the middle pane and add or delete any sittings like adding other networks to the source or destination or adding or removing protocols.
    Also note that by default you will not have internet access on the ISA server , to enable that you ahve to add the Local 'from Networks' to the internal network on the access rule wizard .
    Go with this wizard and try it , at the end of it you have to clcik apply at the top o your page other wise delete it and start again till you become familiar with it ,,,

    Author Comment

    thank you for the detail.

    but my main concern is the intial setting before adding the rules, mean after the installation what is the first steps to make it works.
    as I can ping outside and I can not browse.

    Please let me know.

    LVL 3

    Accepted Solution

    You have to create the first rule , because the default rule is 'Deny' all inbound traffic , you can ping outside but no one can ping your ISA unless you permit that !!! also as I mentioned earlier ,, you will not be able to browse unless you added 'Local' which you will find it listed with Networks (you have Outside - Inside - and 'Local' which is meant your ISA ,,,,
    Create a new rule is the first step that you have to do to start working

    Author Comment

    I have done that, and I can see from the logs that, the client reached ISA but it doent allow them go outside, as well as from ISA i can not browse anything but i can ping and telnet to outside...
    i have formatted the server as well and done new installation for ISA 2006 standard the trail one, but still the same...
    Also I have one prof. isa guy came in today and he couldnt fix it!!!!!!!
    let me know if there is any tip
    i can send u the logs if u likes

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Join & Write a Comment

    There are three types of ISA client that can be configured - these can be individual clients or multiples of a client on each PC or server SecureNAT. A SecureNAT client for ISA server is a client machine, work station or server, that has its defa…
    There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.

    732 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now