Solved

IP config for ISA 2006

Posted on 2009-05-06
Last Modified: 2012-05-06
Hello everyone, I am trying to set up ISA 2006 but I am having a little problem with the IP settings. The 1st NIC I set up as (IP 172.16.6.254, SUBNET 255.255.255.0, GW 172.16.6.1, DNS 172.16.6.10 from DNS server). The 2nd NIC is the issue: what IP am I supposed to put there? Is it the IP address assigned to me by my ISP? I have a router on which the default gateway is 172.16.6.1 and a 2003 server which acts as the DHCP and DNS server. Any help would be appreciated.
Question by:lmootoo
 
LVL 4

Expert Comment

by:chatxfalcon
ID: 24314998
Correct me if my assumptions are wrong.

Your objective is to change your default gateway to ISA 2006?


Here's your IP Settings Guide:  

NIC1
IP: 172.16.6.1 /24
GW : NONE

Note: /24 = 255.255.255.0

NIC2
 
LVL 4

Expert Comment

by:chatxfalcon
ID: 24315030
Ignore the previous..


Correct me if my assumptions are wrong.

Your objective is to change your default gateway to ISA 2006?


Here's your IP Settings Guide:  

NIC1
IP: 172.16.6.1 /24
GW : NONE
Note: /24 = 255.255.255.0
NIC2

IP: <provided by isp>
GW: <provided by isp>
DNS: <provided by isp>

Here you can just remove your old router.
 

Author Comment

by:lmootoo
ID: 24315652
Is there any way I can keep the router and configure the NIC2?
 

Author Comment

by:lmootoo
ID: 24315749
Also, the server I want to install ISA on will be a member server. Is that OK to do?
 
LVL 35

Accepted Solution

by:
Bembi earned 500 total points
ID: 24318547
The settings depend a little bit on your general ISP settings. I use the following settings:

LAN:
IP 172.16.6.254
SUBNET 255.255.255.0
GW NONE !!!
DNS 172.16.6.10 (your internal DNS)

Setup your internal DNS to use forwarders (DNS servers of your ISP), so that the DNS can resolve external IPs.

If you have a subnet from your ISP (fixed IPs):
WAN:
IP: one of the ISP IPs
SUBNET as provided by ISP
GW: IP of the Router (same subnet)
DNS 172.16.6.10 (your internal DNS)

If you don't have a subnet from your ISP (dynamic IPs),
create your own subnet between Router and ISA:
WAN:
IP: i.e. 192.168.1.2
SUBNET 255.255.255.0
GW: i.e. 192.168.1.1 (internal IP of the Router)
DNS 172.16.6.10 (your internal DNS)

 
LVL 35

Expert Comment

by:Bembi
ID: 24318581
Questions:
1.) Is there any way...
Have a look at the two configurations. The external ISA NIC must be within the same subnet as the internal IP of your router.
2.) Also the server...
Yes, sure, why not? You should never install ISA on a DC if possible, as a DC should not have 2 NICs. So a member server is a good idea.
 

Author Comment

by:lmootoo
ID: 24319218
I will give that a try and let you know how it works out by Friday. Thank you for replying.
 

Author Comment

by:lmootoo
ID: 24319438
I thought I am supposed to use DNS on the internal NIC only, not the outside, from what I am reading. Is that correct?
 

Author Comment

by:lmootoo
ID: 24319896
OK, I applied the settings of my ISP:


IP: one of the ISP IPs
SUBNET as provided by ISP
GW: IP of the Router (ISP gateway, am I correct?)
DNS 172.16.6.10 (your internal DNS)
 
LVL 35

Expert Comment

by:Bembi
ID: 24319913
This depends a little bit on your constellation, meaning whether your server is a standalone ISA or whether other services are running on this machine.

The question is, in general, how DNS requests are handled, and they behave differently for SecureNAT, Web Proxy and Firewall clients. Depending on where and from whom DNS requests are made, it is always a good idea to point all DNS requests to an internal server and let this DNS also act as forwarder for internet addresses. This makes sure that any internal service can resolve internal and external addresses. The ISA itself is not always aware of what is internal and external, and this may lead to situations where ISA tries to resolve internal names against the ISP, if you have set up two different DNS sources.

Have a look here (it is for ISA 2004, but that does not matter):
http://technet.microsoft.com/en-us/library/cc302590.aspx

This is not a security risk, as ISA itself should block any request from the external NIC to the internal DNS. Mostly the routers in front of ISA do the same. This setting just avoids confusion about how DNS requests from ISA are handled.

If you are unsure, you can also try to leave the DNS settings on the external NIC empty. In the case that no other services on ISA itself need DNS name resolution, this may work. But you should never mix internal and external DNS settings on ISA.

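The addressing rules from the answers above (no gateway on the internal NIC, the router as gateway in the external NIC's subnet, internal DNS only) written as a check over a proposed two-NIC plan. This is an added example, not part of the original thread; `Nic` and `check_plan` are hypothetical names, and two points are assumptions beyond the posts: the overlap check, and treating "internal DNS" as any server inside the LAN subnet.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Nic:
    name: str                      # hypothetical label, e.g. "LAN" or "WAN"
    ip: str
    mask: str
    gateway: Optional[str] = None
    dns: List[str] = field(default_factory=list)

    @property
    def network(self):
        # strict=False: a host address plus mask yields its containing subnet
        return ipaddress.ip_network(f"{self.ip}/{self.mask}", strict=False)


def check_plan(lan: Nic, wan: Nic) -> List[str]:
    """Return rule violations for a two-NIC ISA addressing plan."""
    problems = []
    if lan.gateway:  # internal NIC: "GW NONE"
        problems.append(f"{lan.name}: remove default gateway {lan.gateway}")
    if not wan.gateway:  # external NIC carries the only default gateway
        problems.append(f"{wan.name}: no default gateway (should be the router)")
    elif ipaddress.ip_address(wan.gateway) not in wan.network:
        problems.append(f"{wan.name}: gateway {wan.gateway} is outside {wan.network}")
    # Assumption beyond the posts: the two sides must be distinct subnets.
    if lan.network.overlaps(wan.network):
        problems.append(f"{lan.name} and {wan.name} subnets overlap")
    for nic in (lan, wan):  # never mix internal and external DNS servers
        for server in nic.dns:
            # Assumption: "internal" means inside the LAN subnet.
            if ipaddress.ip_address(server) not in lan.network:
                problems.append(f"{nic.name}: DNS {server} is not an internal server")
    return problems


# Plan from the accepted answer (dynamic-IP variant).
GOOD = (Nic("LAN", "172.16.6.254", "255.255.255.0", None, ["172.16.6.10"]),
        Nic("WAN", "192.168.1.2", "255.255.255.0", "192.168.1.1", ["172.16.6.10"]))
# Constructed bad plan: LAN gateway set, WAN gateway off-subnet, external DNS.
BAD = (Nic("LAN", "172.16.6.254", "255.255.255.0", "172.16.6.1", ["172.16.6.10"]),
       Nic("WAN", "192.168.1.2", "255.255.255.0", "192.168.2.1", ["203.0.113.53"]))

if __name__ == "__main__":
    for label, plan in (("good", GOOD), ("bad", BAD)):
        print(label, check_plan(*plan) or "OK")
```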
 
LVL 35

Expert Comment

by:Bembi
ID: 24319962
> Ok i applied the settings
OK, now make sure your internal DNS server can resolve external names.
Have a look at your assigned external DNS servers (you can mostly see them on your router, if connected) and add these IPs as forwarders to your internal DNS.

You can check this on your DNS machine or any other client (if not denied by a rule) by just using nslookup with any external name.

If you do not want to allow resolving external DNS names by your clients (with the exception of WebClients), you can set up a rule to allow DNS only for your internal DNS server.
 

Author Comment

by:lmootoo
ID: 24320070
That all works, I can resolve external names. Also, I am able to browse the web on the machine ISA is going on. Is that supposed to be?
 
LVL 35

Expert Comment

by:Bembi
ID: 24320284
Sounds good so far...
 

Author Comment

by:lmootoo
ID: 24321725
I would like to say thank you very much for your help with this issue, Bembi. You earned your 500 points. Guess what: after I applied the IP config, I installed ISA 2006 and created a rule to let all internet traffic out, and it seems to be working so far. Thank you again. You can consider this issue closed.
 
LVL 4

Expert Comment

by:chatxfalcon
ID: 24321761
If I may ask.. What router are you using? Is it NAT enabled?

If yes, then your problem will occur when you want to port forward a service.

Anyway, since it's not in the scope of the inquiry, perhaps good luck with your exploration.
 

Author Comment

by:lmootoo
ID: 24325732
I am using a DLINK DIR-655
Question has a verified solution.