IP config for ISA 2006

Hello everyone, I am trying to set up ISA 2006 but I am having a little problem with the IP settings. The 1st NIC I set up as (IP 172.16.6.254, SUBNET 255.255.255.0, GW 172.16.6.1, DNS 172.16.6.10 from DNS server). The 2nd NIC is the issue: what IP am I supposed to put there? Is it the IP address assigned to me by my ISP? I have a router, for which the default gateway is 172.16.6.1, and a 2003 server which acts as the DHCP and DNS server. Any help would be appreciated.
lmootoo Asked:
 
Bembi (CEO) Commented:
The settings depend a little bit on your general ISP settings. I use the following settings:

LAN:
IP 172.16.6.254
SUBNET 255.255.255.0
GW NONE !!!
DNS 172.16.6.10 (your internal DNS)

Set up your internal DNS to use forwarders (DNS servers of your ISP), so that the DNS can resolve external IPs.

If you have a subnet from your ISP (fixed IPs):
WAN:
IP: one of the ISP IPs
SUBNET as provided by ISP
GW: IP of the Router (same subnet)
DNS 172.16.6.10 (your internal DNS)

If you don't have a subnet from your ISP (dynamic IPs):
Create your own subnet between the router and ISA.
WAN:
IP: i.e. 192.168.1.2
SUBNET 255.255.255.0
GW: i.e. 192.168.1.1 (internal IP of the Router)
DNS 172.16.6.10 (your internal DNS)

0
 
chatxfalcon Commented:
Correct me if my assumptions are wrong.

Your objective is to change your default gateway to ISA 2006?


Here's your IP Settings Guide:  

NIC1
IP: 172.16.6.1 /24
GW : NONE

Note: /24 = 255.255.255.0

NIC2
0
 
chatxfalcon Commented:
Ignore the previous..


Correct me if my assumptions are wrong.

Your objective is to change your default gateway to ISA 2006?


Here's your IP Settings Guide:  

NIC1
IP: 172.16.6.1 /24
GW : NONE
Note: /24 = 255.255.255.0
NIC2

IP: <provided by isp>
GW: <provided by isp>
DNS: <provided by isp>

Here you can just remove your old router.
0
 
lmootoo (Author) Commented:
Is there any way I can keep the router and configure the NIC2?
0
 
lmootoo (Author) Commented:
Also, the server I want to install ISA on will be a member server. Is that OK to do?
0
 
Bembi (CEO) Commented:
Questions:
1.) Is there any way...
Have a look at the two configurations. The external ISA NIC must be within the same subnet as the internal IP of your router.
2.) Also the server...
Yes, sure, why not? You should never install ISA on a DC if possible, as a DC should not have 2 NICs. So a member server is a good idea.
0
 
lmootoo (Author) Commented:
I will give that a try and let you know how it works out by Friday. Thank you for replying.
0
 
lmootoo (Author) Commented:
I thought I am supposed to use DNS on the internal NIC only, not the outside one, from what I am reading. Is that correct?
0
 
lmootoo (Author) Commented:
OK, I applied the settings of my ISP


IP: one of the ISP IPs
SUBNET as provided by ISP
GW: IP of the Router (ISP gateway, am I correct?)
DNS 172.16.6.10 (your internal DNS)
0
 
Bembi (CEO) Commented:
This depends a little bit on your constellation, meaning whether your server is a standalone ISA or other services are running on this machine.

The question is, in general, how DNS requests are handled, and they behave differently for SecureNAT, WebProxy and Firewall clients. Depending on where and from whom DNS requests are made, it is always a good idea to point all DNS requests to an internal server and let this DNS also act as forwarder for internet addresses. This makes sure that any internal service can resolve internal and external addresses. The ISA itself is not always aware of what is internal and external, and this may lead to situations where ISA tries to resolve internal names against the ISP, if you have set up two different DNS sources.

Have a look here (it is for ISA 2004, but that does not matter):
http://technet.microsoft.com/en-us/library/cc302590.aspx

This is not a security risk, as ISA itself should block any request from the external NIC to the internal DNS. Mostly the routers in front of ISA do the same. This setting just avoids confusion about how DNS requests from ISA are handled.

If you are unsure, you can also try to leave the DNS settings on the external NIC empty. In the case that no other services on ISA itself need DNS name resolution, this may work. But you should never mix internal and external DNS settings on ISA together.

0
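The addressing rules given in the answers above (no gateway on the LAN NIC, the WAN NIC's gateway being the router on the same subnet, and DNS never mixed between internal and external servers) can be checked mechanically before ISA is installed. This is an added example, not part of the original thread; the function names, the dict layout and the 203.0.113.53 resolver are assumptions made for illustration.

```python
import ipaddress

def check_dual_homed(lan, wan, router_ip, internal_dns):
    """Return findings for a two-NIC firewall addressing plan.

    lan/wan are dicts: ip, mask, gw (None when unset), dns (list of IPs).
    """
    findings = []
    lan_if = ipaddress.ip_interface(f"{lan['ip']}/{lan['mask']}")
    wan_if = ipaddress.ip_interface(f"{wan['ip']}/{wan['mask']}")
    # Only the external NIC may carry a default gateway.
    if lan.get("gw"):
        findings.append("LAN NIC has a default gateway")
    if not wan.get("gw"):
        findings.append("WAN NIC has no default gateway")
    else:
        gw = ipaddress.ip_address(wan["gw"])
        # The gateway must be on-link for the external NIC ...
        if gw not in wan_if.network:
            findings.append("WAN gateway is outside the WAN NIC subnet")
        # ... and must be the router's inside address.
        if gw != ipaddress.ip_address(router_ip):
            findings.append("WAN gateway is not the router's internal IP")
    # Internal and external segments must be distinct networks.
    if lan_if.network.overlaps(wan_if.network):
        findings.append("LAN and WAN subnets overlap")
    # Every configured DNS entry is the internal server; WAN may be empty.
    dns_ok = ipaddress.ip_address(internal_dns)
    for name, nic_cfg in (("LAN", lan), ("WAN", wan)):
        for server in nic_cfg.get("dns", []):
            if ipaddress.ip_address(server) != dns_ok:
                findings.append(f"{name} NIC uses non-internal DNS {server}")
    return findings

def nic(ip, gw, dns):
    # Hypothetical helper: every NIC in this thread uses a /24 mask.
    return {"ip": ip, "mask": "255.255.255.0", "gw": gw, "dns": dns}

# Constructed sample: LAN gateway set, WAN using an outside resolver
# (203.0.113.53 is a documentation address, not a real ISP server).
BEFORE = {"lan": nic("172.16.6.254", "172.16.6.1", ["172.16.6.10"]),
          "wan": nic("192.168.1.2", "192.168.1.1", ["203.0.113.53"])}
# The dynamic-IP layout from the first answer.
AFTER = {"lan": nic("172.16.6.254", None, ["172.16.6.10"]),
         "wan": nic("192.168.1.2", "192.168.1.1", ["172.16.6.10"])}

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, check_dual_homed(**cfg, router_ip="192.168.1.1",
                                      internal_dns="172.16.6.10"))
```

An empty list means the plan matches the layout described in the answers; each string names one rule that the plan breaks.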
 
Bembi (CEO) Commented:
> Ok i applied the settings
OK, now make sure your internal DNS server can resolve external names.
Have a look at your assigned external DNS servers (you can mostly see them on your router, if connected) and add these IPs as forwarders to your internal DNS.

You can check this on your DNS machine or any other client (if not denied by a rule) by just using nslookup with any external name.

If you do not want to allow resolving external DNS names by your clients (with the exception of WebClients), you can set up a rule to allow DNS only for your internal DNS server.
0
 
lmootoo (Author) Commented:
That all works, I can resolve external names. Also, I am able to browse the web on the machine ISA is going on. Is that supposed to be?
0
 
Bembi (CEO) Commented:
Sounds good so far...
0
 
lmootoo (Author) Commented:
I would like to say thank you very much for your help with this issue, Bembi. You earned your 500 points. Guess what: after I applied the IP config I installed ISA 2006 and created a rule to let all internet traffic out. It seems to be working so far, thank you again. You can consider this issue closed.
0
 
chatxfalcon Commented:
If I may ask.. What router are you using? Is it NAT enabled?

If yes, then your problem will occur when you want to port forward a service.

Anyway, since it's not the scope of the inquiry, perhaps good luck with your exploration.



0
 
lmootoo (Author) Commented:
I am using a DLINK DIR-655
0
Question has a verified solution.
