• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 565
  • Last Modified:

ISA Server 2006 configuration

Hello,

One of my clients is a software house - they design and develop software.

There current infrastructure using ISA 2006 Server, divided into two zones - internet and internal. This has worked very well until recently.

The problem is that the development team has been performing testing that affects the production network in  a negative way. There run several Virtual Machine's (VM) and one of the VM is a a rogue DHCP server.

I would like to create a zone on ISA server just for R & D and call it the "Dev" zone.  I would like Dev to have the same rules as internal zone.

I would also like to have almost full communication between the "Dev" and Internal zones (with a few exceptions on specific protocals) and I will use firewall rules to adjsut communication between the zones.

The ISA server has enough network ports, so creating the Dev zone should not be an issue.

I treid creating the Dev zone with its own distinxt ipo range, and encountered a few problems.

After creating the new DEV zone, firewall policies (not rules) prevent it from communicating with the internal zone although surfing the internet works; If I include the Dev ip range into the internal zone,  communicating with the internal zone works but not internet.

Does anyone know how I can resolve these issues?

Thanks in advance.

Mark  
 
 
0
mbudman
Asked:
mbudman
1 Solution
 
Bruno PACIIT ConsultantCommented:
Hi,

There's a point you have to know about ISA is that communications between distinct networks is impossible through ISA until you create a network rule between these networks. Creating the network rule you'll have to indicate if you want to do NAT or routing between the networks.

Of course a network rule is not sufficient but it is mandatory.

After have created the network rule that links the networks by a routing rule you'll have to create access rules to allow protocols to pass through ISA.

Added to that, if you want your new network to be able to access internet you'll also have to create another network rule that links this new network with external network by a NAT rule.


Have a good day.
0
 
simonlimonCommented:
How have you configured this zone? Is it a perimeter network or just another Internal network?

Also, what is the relationship between the internal network and the DEV zone? If you want it to work like you want it to it has to be "Route" and not NAT.
0
 
mbudmanAuthor Commented:
Thank you for your assistance.

Mark
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now