Solved

IP config for ISA 2006

Posted on 2009-05-06
Last Modified: 2012-05-06
Hello everyone, I am trying to set up ISA 2006 but I am having a little problem with the IP settings. The 1st NIC I set up as (IP 172.16.6.254, SUBNET 255.255.255.0, GW 172.16.6.1, DNS 172.16.6.10 from DNS server). The 2nd NIC is the issue: what IP am I supposed to put there? Is it the IP address assigned to me by my ISP? I have a router, for which the default gateway is 172.16.6.1, and a 2003 server which acts as the DHCP and DNS server. Any help would be appreciated.
Question by:lmootoo
16 Comments
 
LVL 4

Expert Comment

by:chatxfalcon
ID: 24314998
Correct me if my assumptions are wrong.

Your objective is to change your default gateway to ISA 2006?


Here's your IP Settings Guide:  

NIC1
IP: 172.16.6.1 /24
GW : NONE

Note: /24 = 255.255.255.0

NIC2
0
 
LVL 4

Expert Comment

by:chatxfalcon
ID: 24315030
Ignore the previous..


Correct me if my assumptions are wrong.

Your objective is to change your default gateway to ISA 2006?


Here's your IP Settings Guide:  

NIC1
IP: 172.16.6.1 /24
GW: NONE

Note: /24 = 255.255.255.0

NIC2
IP: <provided by isp>
GW: <provided by isp>
DNS: <provided by isp>

Here you can just remove your old router.
0
 

Author Comment

by:lmootoo
ID: 24315652
Is there any way I can keep the router and configure the NIC2?
0
 

Author Comment

by:lmootoo
ID: 24315749
Also, the server I want to install ISA on will be a member server. Is that OK to do?
0
 
LVL 35

Accepted Solution

by:
Bembi earned 500 total points
ID: 24318547
The settings depend a little bit on your general ISP settings. I use the following settings:

LAN:
IP 172.16.6.254
SUBNET 255.255.255.0
GW NONE !!!
DNS 172.16.6.10 (your internal DNS)

Set up your internal DNS to use forwarders (DNS servers of your ISP), so that the DNS can resolve external IPs.

If you have a subnet from your ISP (fixed IPs):
WAN:
IP: one of the ISP IPs
SUBNET as provided by ISP
GW: IP of the Router (same subnet)
DNS 172.16.6.10 (your internal DNS)

If you don't have a subnet from your ISP (dynamic IPs):
Create your own subnet between Router and ISA.
WAN:
IP: i.e. 192.168.1.2
SUBNET 255.255.255.0
GW: i.e. 192.168.1.1 (internal IP of the Router)
DNS 172.16.6.10 (your internal DNS)

0
 
LVL 35

Expert Comment

by:Bembi
ID: 24318581
Questions:
1.) Is there any way...
Have a look at the two configurations. The external ISA NIC must be within the same subnet as the internal IP of your router.
2.) Also the server...
Yes, sure, why not? You should never install ISA on a DC if possible, as a DC should not have 2 NICs. So a member server is a good idea.
0
 

Author Comment

by:lmootoo
ID: 24319218
I will give that a try and let you know how it works out by Friday. Thank you for replying.
0
 

Author Comment

by:lmootoo
ID: 24319438
I thought I am supposed to use DNS on the internal NIC only, not the outside one, from what I am reading. Is that correct?
0

 

Author Comment

by:lmootoo
ID: 24319896
OK, I applied the settings of my ISP:


IP: one of the ISP IPs
SUBNET as provided by ISP
GW: IP of the Router (ISP gateway, am I correct?)
DNS 172.16.6.10 (your internal DNS)
0
 
LVL 35

Expert Comment

by:Bembi
ID: 24319913
This depends a little bit on your constellation, meaning whether your server is a standalone ISA or whether other services are running on this machine.

The question in general is how DNS requests are handled, and they behave differently for SecureNAT, WebProxy and Firewall clients. Depending on where and from whom DNS requests are made, it is always a good idea to point all DNS requests to an internal server and let this DNS also act as forwarder for internet addresses. This makes sure that any internal service can resolve internal and external addresses. The ISA itself is not always aware of what is internal and external, and this may lead to situations where ISA tries to resolve internal names against the ISP, if you have set up two different DNS sources.

Have a look here (it is for ISA 2004, but that does not matter):
http://technet.microsoft.com/en-us/library/cc302590.aspx

This is not a security risk, as ISA itself should block any request from the external NIC to the internal DNS. Mostly the routers in front of ISA do the same. This setting just avoids confusion about how DNS requests from ISA are handled.

If you are unsure, you can also try to leave the DNS settings on the external NIC empty. In the case that no other services on ISA itself need DNS name resolution, this may work. But you should never mix internal and external DNS settings together on ISA.

0
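Added example, not part of any poster's reply and not Microsoft's tooling: a small Python check of the rules stated in the accepted solution and the DNS comment above (no gateway on the internal NIC, the external gateway inside the external subnet, internal DNS only on both NICs). The function name, dict layout and the 203.0.113.53 resolver address are assumptions made for the illustration; the other addresses are the ones quoted in the thread.

```python
import ipaddress

def check_dual_homed(internal, external, internal_dns):
    """Return findings for a two-NIC firewall host (empty list = consistent).

    Each NIC is a dict: ip, mask, gw (None when unset), dns (list of IPs).
    """
    findings = []
    int_net = ipaddress.ip_network(f"{internal['ip']}/{internal['mask']}", strict=False)
    ext_net = ipaddress.ip_network(f"{external['ip']}/{external['mask']}", strict=False)

    # Internal NIC: no default gateway ("GW NONE").
    if internal["gw"]:
        findings.append("internal NIC has a default gateway")

    # External NIC: gateway is the router, inside the external subnet.
    if not external["gw"]:
        findings.append("external NIC has no default gateway")
    elif ipaddress.ip_address(external["gw"]) not in ext_net:
        findings.append("external gateway is outside the external subnet")

    # Added inference: the router-to-ISA link is its own subnet, so no overlap.
    if int_net.overlaps(ext_net):
        findings.append("internal and external subnets overlap")

    # DNS: internal servers only on both NICs; the external NIC may be empty.
    allowed = {ipaddress.ip_address(d) for d in internal_dns}
    if not internal["dns"]:
        findings.append("internal NIC has no DNS server")
    for name, nic in (("internal", internal), ("external", external)):
        for d in nic["dns"]:
            if ipaddress.ip_address(d) not in allowed:
                findings.append(f"{name} NIC uses non-internal DNS {d}")
    return findings

# Constructed sample data; addresses other than 203.0.113.53 come from the thread.
INTERNAL_DNS = ["172.16.6.10"]
GOOD_LAN = {"ip": "172.16.6.254", "mask": "255.255.255.0", "gw": None, "dns": ["172.16.6.10"]}
GOOD_WAN = {"ip": "192.168.1.2", "mask": "255.255.255.0", "gw": "192.168.1.1", "dns": ["172.16.6.10"]}
# The asker's first attempt (gateway on the LAN NIC) plus a constructed WAN NIC
# that points at an ISP resolver (documentation address, not a real server).
BAD_LAN = dict(GOOD_LAN, gw="172.16.6.1")
BAD_WAN = dict(GOOD_WAN, dns=["203.0.113.53"])

if __name__ == "__main__":
    print(check_dual_homed(GOOD_LAN, GOOD_WAN, INTERNAL_DNS))
    for finding in check_dual_homed(BAD_LAN, BAD_WAN, INTERNAL_DNS):
        print("FINDING:", finding)
```

The mixed-DNS finding corresponds to the case described above, where the firewall host ends up sending internal names to the ISP's resolver.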
 
LVL 35

Expert Comment

by:Bembi
ID: 24319962
> Ok i applied the settings
OK, now make sure your internal DNS server can resolve external names.
Have a look at your assigned external DNS servers (you can mostly see them on your router, if connected) and add these IPs as forwarders to your internal DNS.

You can check this on your DNS machine or any other client (if not denied by a rule) by just using nslookup with any external name.

If you do not want to allow resolving external DNS names by your clients (with the exception of WebClients), you can set up a rule to allow DNS only for your internal DNS server.
0
 

Author Comment

by:lmootoo
ID: 24320070
That all works, I can resolve external names. Also, I am able to browse the web on the machine ISA is going on. Is that supposed to be?
0
 
LVL 35

Expert Comment

by:Bembi
ID: 24320284
Sounds good so far...
0
 

Author Comment

by:lmootoo
ID: 24321725
I would like to say thank you very much for your help with this issue, Bembi. You earned your 500 points. Guess what: after I applied the IP config, I installed ISA 2006 and created a rule to let all internet traffic out, and it seems to be working so far. Thank you again. You can consider this issue closed.
0
 
LVL 4

Expert Comment

by:chatxfalcon
ID: 24321761
If I may ask... What router are you using? Is it NAT enabled?

If yes, then your problem will occur when you want to port forward a service.

Anyway, since it's not in the scope of the inquiry, good luck with your exploration.



0
 

Author Comment

by:lmootoo
ID: 24325732
I am using a DLINK DIR-655
0
