Solved

ISA Server 2006 configuration

Posted on 2010-11-19
3
532 Views
Last Modified: 2012-05-10
Hello,

One of my clients is a software house - they design and develop software.

There current infrastructure using ISA 2006 Server, divided into two zones - internet and internal. This has worked very well until recently.

The problem is that the development team has been performing testing that affects the production network in  a negative way. There run several Virtual Machine's (VM) and one of the VM is a a rogue DHCP server.

I would like to create a zone on ISA server just for R & D and call it the "Dev" zone.  I would like Dev to have the same rules as internal zone.

I would also like to have almost full communication between the "Dev" and Internal zones (with a few exceptions on specific protocals) and I will use firewall rules to adjsut communication between the zones.

The ISA server has enough network ports, so creating the Dev zone should not be an issue.

I treid creating the Dev zone with its own distinxt ipo range, and encountered a few problems.

After creating the new DEV zone, firewall policies (not rules) prevent it from communicating with the internal zone although surfing the internet works; If I include the Dev ip range into the internal zone,  communicating with the internal zone works but not internet.

Does anyone know how I can resolve these issues?

Thanks in advance.

Mark  
 
 
0
Comment
Question by:mbudman
3 Comments
 
LVL 16

Accepted Solution

by:
PaciB earned 500 total points
ID: 34177811
Hi,

There's a point you have to know about ISA is that communications between distinct networks is impossible through ISA until you create a network rule between these networks. Creating the network rule you'll have to indicate if you want to do NAT or routing between the networks.

Of course a network rule is not sufficient but it is mandatory.

After have created the network rule that links the networks by a routing rule you'll have to create access rules to allow protocols to pass through ISA.

Added to that, if you want your new network to be able to access internet you'll also have to create another network rule that links this new network with external network by a NAT rule.


Have a good day.
0
 
LVL 10

Expert Comment

by:simonlimon
ID: 34192415
How have you configured this zone? Is it a perimeter network or just another Internal network?

Also, what is the relationship between the internal network and the DEV zone? If you want it to work like you want it to it has to be "Route" and not NAT.
0
 
LVL 1

Author Closing Comment

by:mbudman
ID: 34293142
Thank you for your assistance.

Mark
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Suggested Solutions

I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
AWS has developed and created its highly available global infrastructure allowing users to deploy and manage their estates all across the world through the use of the following geographical components   RegionsAvailability ZonesEdge Locations  Wh…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now