Solved

IP config for ISA 2006

Posted on 2009-05-06
Last Modified: 2012-05-06
Hello everyone, I am trying to set up ISA 2006, but I am having a little problem with the IP settings. The 1st NIC I set up as (IP 172.16.6.254, SUBNET 255.255.255.0, GW 172.16.6.1, DNS 172.16.6.10 from DNS server). The 2nd NIC is the issue: what IP am I supposed to put there? Is it the IP address assigned to me by my ISP? I have a router whose default gateway is 172.16.6.1 and a 2003 server which acts as the DHCP and DNS server. Any help would be appreciated.
Question by:lmootoo
16 Comments
 
LVL 4

Expert Comment

by:chatxfalcon
ID: 24314998
Correct me if my assumptions are wrong.

Your objective is to change your default gateway to ISA 2006?


Here's your IP Settings Guide:  

NIC1
IP: 172.16.6.1 /24
GW : NONE

Note: /24 = 255.255.255.0

NIC2
0
 
LVL 4

Expert Comment

by:chatxfalcon
ID: 24315030
Ignore the previous..


Correct me if my assumptions are wrong.

Your objective is to change your default gateway to ISA 2006?


Here's your IP Settings Guide:  

NIC1
IP: 172.16.6.1 /24
GW : NONE
Note: /24 = 255.255.255.0
NIC2

IP: <provided by isp>
GW: <provided by isp>
DNS: <provided by isp>

Here you can just remove your old router.
0
 

Author Comment

by:lmootoo
ID: 24315652
Is there any way I can keep the router and configure the NIC2?
0
 

Author Comment

by:lmootoo
ID: 24315749
Also, the server I want to install ISA on will be a member server. Is that OK to do?
0
 
LVL 35

Accepted Solution

by:
Bembi earned 2000 total points
ID: 24318547
The settings depend a little bit on your general ISP settings. I use the following settings:

LAN:
IP 172.16.6.254
SUBNET 255.255.255.0
GW NONE !!!
DNS 172.16.6.10 (your internal DNS)

Setup your internal DNS to use forwarders (DNS servers of your ISP), so that the DNS can resolve external IPs.

If you have a subnet from your ISP (fixed IPs):
WAN:
IP: one of the ISP IPs
SUBNET as provided by ISP
GW: IP of the Router (same subnet)
DNS 172.16.6.10 (your internal DNS)

If you don't have a subnet from your ISP (dynamic IPs):
Create your own subnet between Router and ISA.
WAN:
IP: i.e. 192.168.1.2
SUBNET 255.255.255.0
GW: i.e. 192.168.1.1 (internal IP of the Router)
DNS 172.16.6.10 (your internal DNS)

0
 
LVL 35

Expert Comment

by:Bembi
ID: 24318581
Questions:
1.) Is there any way...
Have a look at the two configurations. The external ISA NIC must be within the same subnet as the internal IP of your router.
2.) Also the server...
Yes, sure, why not? You should never install ISA on a DC if possible, as a DC should not have 2 NICs. So a member server is a good idea.
0
 

Author Comment

by:lmootoo
ID: 24319218
I will give that a try and let you know how it works out by Friday. Thank you for replying.
0
 

Author Comment

by:lmootoo
ID: 24319438
I thought I am supposed to use DNS on the internal NIC only, not the outside one, from what I am reading. Is that correct?
0
 

Author Comment

by:lmootoo
ID: 24319896
OK, I applied the settings of my ISP:


IP: one of the ISP IPs
SUBNET as provided by ISP
GW: IP of the Router (ISP gateway, am I correct?)
DNS 172.16.6.10 (your internal DNS)
0
 
LVL 35

Expert Comment

by:Bembi
ID: 24319913
This depends a little bit on your constellation, meaning whether your server is a standalone ISA or other services are running on this machine.

The question in general is how DNS requests are handled, and they behave differently for SecureNAT, WebProxy and Firewall clients. Depending on where and by whom DNS requests are made, it is always a good idea to point all DNS requests to an internal server and let this DNS also act as forwarder for internet addresses. This makes sure that any internal service can resolve internal and external addresses. The ISA itself is not always aware of what is internal and external, and this may lead to situations where ISA tries to resolve internal names against the ISP, if you have set up two different DNS sources.

Have a look here (it is for ISA 2004, but that does not matter):
http://technet.microsoft.com/en-us/library/cc302590.aspx

This is not a security risk, as ISA itself should block any request from the external NIC to the internal DNS. Mostly the routers in front of ISA do the same. This setting just avoids confusion about how DNS requests from ISA are handled.

If you are unsure, you can also try to leave the DNS settings on the external NIC empty. In the case that no other services on ISA itself need DNS name resolution, this may work. But you should never mix internal and external DNS settings on ISA together.

0
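Added example (not part of the thread and not any poster's code): a small Python check of a two-NIC ISA addressing plan against the rules given in the answers above, namely no gateway on the internal NIC, the external NIC's gateway (the router) in the same subnet as the external NIC, a separate subnet between router and ISA, and internal-only DNS on both NICs. The function name, dict layout and the `WAN_BAD` plan with 203.0.113.53 are constructed for illustration, and the check assumes the internal DNS server sits on the LAN subnet.

```python
import ipaddress

def check_isa_plan(lan, wan):
    """Check a two-NIC plan; each NIC is a dict with ip, mask, gw, dns.
    Returns a list of findings (empty list = plan follows the rules)."""
    findings = []
    lan_net = ipaddress.ip_interface(f"{lan['ip']}/{lan['mask']}").network
    wan_net = ipaddress.ip_interface(f"{wan['ip']}/{wan['mask']}").network

    # Internal NIC: no default gateway ("GW NONE").
    if lan.get("gw"):
        findings.append("LAN: default gateway set on internal NIC")

    # External NIC: gateway is the router, which must share the WAN subnet.
    if not wan.get("gw"):
        findings.append("WAN: no default gateway")
    elif ipaddress.ip_address(wan["gw"]) not in wan_net:
        findings.append("WAN: gateway is outside the WAN subnet")

    # The router-to-ISA link needs its own subnet, distinct from the LAN.
    if lan_net.overlaps(wan_net):
        findings.append("LAN and WAN subnets overlap")

    # DNS on either NIC may only name internal servers (or be left empty).
    # Assumption: internal DNS servers live on the LAN subnet.
    for name, nic in (("LAN", lan), ("WAN", wan)):
        for dns in nic.get("dns", []):
            if ipaddress.ip_address(dns) not in lan_net:
                findings.append(f"{name}: DNS {dns} is not internal")
    return findings

# Addresses taken from the thread.
LAN_OK = {"ip": "172.16.6.254", "mask": "255.255.255.0", "gw": None, "dns": ["172.16.6.10"]}
WAN_OK = {"ip": "192.168.1.2", "mask": "255.255.255.0", "gw": "192.168.1.1", "dns": ["172.16.6.10"]}
LAN_ASKER = dict(LAN_OK, gw="172.16.6.1")   # the question's first NIC
# Constructed bad plan: WAN left on the LAN subnet, ISP-style DNS mixed in.
WAN_BAD = {"ip": "172.16.6.253", "mask": "255.255.255.0", "gw": "172.16.6.1", "dns": ["203.0.113.53"]}

if __name__ == "__main__":
    for label, lan, wan in (("answer", LAN_OK, WAN_OK), ("question", LAN_ASKER, WAN_OK), ("constructed", LAN_OK, WAN_BAD)):
        print(label, check_isa_plan(lan, wan) or "OK")
```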
 
LVL 35

Expert Comment

by:Bembi
ID: 24319962
> Ok i applied the settings
OK, now make sure your internal DNS server can resolve external names.
Have a look at your assigned external DNS servers (you can mostly see them on your router, if connected) and add these IPs as forwarders to your internal DNS.

You can check this on your DNS machine or any other client (if not denied by a rule) by just using nslookup with any external name.

If you do not want to allow resolving external DNS names by your clients (with the exception of WebClients), you can set up a rule to allow DNS only for your internal DNS server.
0
 

Author Comment

by:lmootoo
ID: 24320070
That all works. I can resolve external names; also, I am able to browse the web on the machine ISA is going on. Is that supposed to be?
0
 
LVL 35

Expert Comment

by:Bembi
ID: 24320284
Sounds good so far...
0
 

Author Comment

by:lmootoo
ID: 24321725
I would like to say thank you very much for your help with this issue, Bembi. You earned your 500 points. Guess what: after I applied the IP config I installed ISA 2006 and created a rule to let all internet traffic out. It seems to be working so far. Thank you again. You can consider this issue closed.
0
 
LVL 4

Expert Comment

by:chatxfalcon
ID: 24321761
If I may ask: what router are you using? Is it NAT enabled?


If yes, then your problem will occur when you want to port forward a service.

Anyway, since it's not the scope of the inquiry, perhaps good luck with your exploration.



0
 

Author Comment

by:lmootoo
ID: 24325732
I am using a DLINK DIR-655
0
