I'm deploying OWA with ISA Server 2006 as a back firewall and with a Cisco ASA 5510 in the perimeter.
Because there is already a NAT in Cisco from one public IP (10.19.0.227) to one IP on the ISA external NIC (192.168.21.12, so that people in our company go to the web using one specific IP address), I intended to publish our Webmail using a different public IP, so I've NATed a second public IP in Cisco (10.19.0.229) to another external IP that I've configured in ISA (192.168.21.15).
The problem is that I can't access Webmail from the Internet using the second public IP (10.19.0.229), but I can access it using the first IP (10.19.0.227), which is used to go to the web...
So, some questions arise:
- Is there any security issue/best practice which states that it is not recommended to have webmail on the same public IP used by the organization to "go" to the web?
- I think that ISA is not working because, despite the fact that ISA is able to "hear" multiple IPs, it only sends information using the first IP configured on the external NIC. Is this true? Is there any way to bypass this?
- Any other recommendations?