ISA Server 2006 initial setup Need help!

Posted on 2010-09-19
Last Modified: 2012-05-10
So I'm feeling pretty dumb; this is actually my second question on this. I've formatted and replaced both network cards, thinking there might be some hardware failure or a corruption in the TCP/IP stack. I'm pretty sure I'm just failing to remember/understand a key component.

At the current time, I have a network with 3 servers. All of them have dual NICs, and all 3 plug into the current old and starting-to-fail hardware firewall on their external NICs, in a "DMZ" subnet on the inside of the hardware firewall. My goal is to remove the hardware firewall and replace it with an ISA server, as I have the hardware and software available, and it'll be nearly free and theoretically give us a much more fine-tuned ability to block people we don't want in and to control things for our users.

Currently there's an incoming static ISP connection with 5 IPs. It comes into a 5-port business connect router set in bridge mode, and attached to it is the firewall.

External IP x.x.x.91
Internal IP 192.168.101.254

The SBS Server currently is routing and is set as

External 192.168.101.253
Internal 192.168.202.253
   Hosting DNS, WINS, DHCP, Exchange, RRAS (NAT and VPN), Company Shared, SharePoint, using the SBS Internet connection wizard.

Other servers are a Terminal Server (users VPN in, then open RDP) and a dedicated Oracle box.

My goal is to remove the 192.168.101.x subnet and replace the firewall with an ISA server and, if it's secure enough and a good plan, to take the routing and VPN off the SBServer and put it on the ISA server positioned at 192.168.202.254,

removing a layer of NATing and leaving a bit more overhead for the SBServer to do the rest of its jobs.

I'm not a security guy, but like all admins I generally get the concepts and attempt to do things in a safe manner for my clients. My plan sounds good to me; the problem is I can't seem to get the ISA server to even pull its own updates after installing ISA 2006.

0
Question by:R. Andrew Koffron
7 Comments
 
LVL 10

Expert Comment

by:simonlimon
ID: 33719352
ISA by default denies all traffic. Create a new rule allowing all HTTP and HTTPS traffic from localhost to the internet.

That will take care of updates.

If you want to use ISA, you should document all traffic that goes in and out (SMTP, DNS, external OWA access, ActiveSync). You should also decide if you need the proxy or not and implement that too. And then create the appropriate server publishing rules for SMTP traffic to Exchange and any other infrastructure traffic. And web publishing rules for OWA.

0
 
LVL 16

Author Comment

by:R. Andrew Koffron
ID: 33721590
I have cleared the proxy settings on the server

but am getting the following:

Error Code 12206: Proxy chain loop
Background: The gateway has detected a proxy chain loop. This condition might indicate a configuration problem on a proxy server.
Date: 9/21/2010 12:26:37 AM [GMT]
Server: svctag-hhp6351
Source: Proxy
0
 
LVL 16

Author Comment

by:R. Andrew Koffron
ID: 33721644
I can get past this by disabling "web proxy filter" on the HTTP protocol, but what is the risk of doing so?
0
 
LVL 10

Expert Comment

by:simonlimon
ID: 33722839
You will not be using a web proxy. The main difference is that you will not be able to authenticate your clients surfing the web. And it's also a little less secure.
0
 
LVL 2

Expert Comment

by:aimcitp
ID: 33729066
Did you remove the gateway address  from your internal interface on your ISA? You will need to do this and add static routes from the subnets inside your network.
0
 
LVL 16

Author Comment

by:R. Andrew Koffron
ID: 33730487
@aimcitp Yes, I removed the DGW from internal (well, didn't remove it; it never had one).

Please explain how to make the route for ISA. I tried adding it by command prompt:

route -p ADD 192.168.202.0 MASK 255.255.255.0 x.x.x.94
0
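The routing advice discussed in this thread (no default gateway on the internal interface, static routes for subnets inside the network) can be checked mechanically. The Python below is an added example, not part of the original posts; the 203.0.113.x addresses are constructed stand-ins for the elided x.x.x.* public range, and the 192.168.50.0/24 subnet and 192.168.202.1 router used in testing are hypothetical.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed addressing: 203.0.113.88/29 stands in for the page's elided
# public range; 192.168.202.254/24 is the internal address planned for ISA.
ISA_INTERFACES = [
    {"name": "external", "addr": "203.0.113.91/29", "gateway": "203.0.113.94"},
    {"name": "internal", "addr": "192.168.202.254/24", "gateway": None},
]

def check_routing(interfaces, static_routes):
    """Return findings for a dual-homed firewall's gateway and static routes.

    static_routes is a list of (destination CIDR, gateway IP) pairs.
    """
    findings = []
    nets = {i["name"]: ipaddress.ip_interface(i["addr"]).network
            for i in interfaces}

    # Only the external NIC may carry a default gateway.
    with_gw = [i["name"] for i in interfaces if i["gateway"]]
    if with_gw != ["external"]:
        findings.append(f"default gateway belongs on external only, found on: {with_gw}")

    for dest, gw in static_routes:
        dest_net = ipaddress.ip_network(dest)
        gw_ip = ipaddress.ip_address(gw)
        # A subnet an interface already sits in needs no static route.
        for name, net in nets.items():
            if dest_net.subnet_of(net):
                findings.append(f"{dest} is directly connected on {name}; static route not needed")
        # The next hop must be reachable on a connected subnet.
        on_link = [name for name, net in nets.items() if gw_ip in net]
        if not on_link:
            findings.append(f"gateway {gw} for {dest} is not on any connected subnet")
        elif "external" in on_link and any(dest_net.subnet_of(r) for r in RFC1918):
            findings.append(f"{dest} is private but its next hop {gw} is on external")
    return findings

if __name__ == "__main__":
    # Same shape as the route command posted above, with constructed addresses.
    for finding in check_routing(ISA_INTERFACES, [("192.168.202.0/24", "203.0.113.94")]):
        print(finding)
```
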
 
LVL 16

Accepted Solution

by:
R. Andrew Koffron earned 0 total points
ID: 33828050
The problem was NOD32 Anti-virus HTTP scanning.
0
