ISA 2004 and virtual network cards

I have a customer who has one ISA 2004 server (on Server 2003) that provides internet access to a number of businesses within the building.

It has one network card with a WAN IP address (and a second card with the LAN IP address, obviously!)

The customer has 32 static WAN ip addresses available.

I want to use some of these WAN IP addresses to give the other businesses in the building static IP addresses so they can host Exchange, VPNs etc.

Does ISA server support this ?

If so, how do I create a virtual NIC or connector or listener that I can then assign one of the static IPs to?

If ISA 2004 will not do this, are there any alternatives?

To summarise - I need some kind of IP gateway that accepts requests on multiple WAN IP addresses and redirects them to the relevant subnet on the internal network.


Keith Alabaster (Enterprise Architect) commented:
Already answered.
You can look at these links... they are very helpful.

For VPN :
from isa site:

For OWA (exchange)

Keith Alabaster (Enterprise Architect) commented:
First of all, you would not use virtual NICs for this; you would have to bind all available IPs to the ISA external NIC, i.e. one physical and the rest would be arp addresses.
When you published each service you would select the specific IP address for the service you were publishing. Could be one each per company and you would select the internal SMTP server to point that IP at. Each IP could support an SMTP, an HTTP site, an HTTPS site etc. (assuming you had a certificate for each).

The problem comes for outbound and response traffic especially if reverse lookups are used. For outbound traffic - assuming you will want to use NAT - only the default ip address assigned to the external nic is used, you can select the ip address.

zoltan9992000 (Author) commented:
Many thanks for the prompt responses.

I will look at your links later, MinoDC.

To turn to Keith's comments - can you be a bit more explicit about the issues I would have if I used arp addresses?
I will check out if NAT is being used.
I understand you are saying virtual NICs are a bad idea but what do you suggest I can do instead?

Keith Alabaster (Enterprise Architect) commented:
Not a case of virtual NICs are a bad thing - you can use a virtual NIC for the external interface but you can have only one external interface, regardless of whether it is a physical or virtual entity.

No issue at all with arp addresses - I have 13 in use on my own system and all work perfectly.
The issue is outbound traffic - for example, I have physically assigned to my external nic. The other 12 are just arp addresses added at the NIC, TCP/IP, advanced level. When traffic is sent out from internal to external, the NAT will use the address as this is the one physically bound to the NIC. You can select which IP address gets used for the NAT based on protocol or source.

If you are therefore using, let's say, 5 internal Exchange servers and using DNS to deliver SMTP traffic to the outside world, if NAT is involved then all five SMTP servers will send traffic and it will leave as - because that is the NAT address. If any external mail server is using reverse lookup then they will check the MX record of the sending server and the associated IP address and that will NOT necessarily be the same as the NAT address.

zoltan9992000 (Author) commented:
Thanks Keith,

That's very interesting.

Didn't know it was so easy to add IP addresses to one NIC.

I will play with that later.

When you say
"You can select which IP address gets used for the NAT based on protocol or source."

Does this mean you can change the IP address that NAT assigns to the outbound packets based on the IP of the machine it originates from?

i.e. Using your setup - if an internal machine has an IP of then can you set NAT to change the external IP from to one of the other 12 IPs for outgoing traffic.
Set up correctly there would be no issues with MX reverse lookups.

If the answer to this is yes can you give a brief pointer to how you set NAT to do this ?

Thanks again.


Keith Alabaster (Enterprise Architect) commented:
My error - that should read you 'can not' select which IP address gets used for the NAT based on protocol or source. Apologies, I was watching the telly at the same time as typing.

zoltan9992000 (Author) commented:
Sorry Keith - thought I'd done this already.

That tip provided the solution I was looking for.

Many thanks

Keith Alabaster (Enterprise Architect) commented:
Welcome :)
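
The constraints described in this thread (every published address must be bound to the external NIC, each address carries one service per port, and outbound NAT always leaves from the primary address) can be checked against a planned rule set before it is deployed. The following Python is an added example, not part of the original thread or of ISA Server; the rule format, tenant names, finding labels and 203.0.113.x addresses are constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample data (documentation range 203.0.113.0/24, hypothetical tenants).
PRIMARY_IP = "203.0.113.2"  # address the NAT uses for all outbound traffic
BOUND_IPS = {"203.0.113.2", "203.0.113.3", "203.0.113.4"}  # all IPs on the external NIC

# One planned publishing rule per (external IP, port) -> internal server.
RULES = [
    {"tenant": "alpha", "ext_ip": "203.0.113.2", "port": 25, "internal": "10.0.1.10"},
    {"tenant": "beta", "ext_ip": "203.0.113.3", "port": 25, "internal": "10.0.2.10"},
    {"tenant": "beta", "ext_ip": "203.0.113.3", "port": 443, "internal": "10.0.2.10"},
    {"tenant": "gamma", "ext_ip": "203.0.113.3", "port": 443, "internal": "10.0.3.10"},
    {"tenant": "delta", "ext_ip": "203.0.113.9", "port": 25, "internal": "10.0.4.10"},
]


def audit(rules, primary_ip, bound_ips):
    """Return a sorted list of (tenant, finding) tuples for a planned rule set."""
    findings = set()
    bound = {ip_address(ip) for ip in bound_ips}
    primary = ip_address(primary_ip)
    listeners = defaultdict(set)  # (external IP, port) -> tenants publishing there

    for rule in rules:
        ext = ip_address(rule["ext_ip"])
        listeners[(ext, rule["port"])].add(rule["tenant"])
        # The published address must exist on the external NIC.
        if ext not in bound:
            findings.add((rule["tenant"], "ext_ip_not_bound"))
        # Inbound mail arrives on ext, but outbound mail leaves from the
        # primary NAT address, so a reverse lookup by a remote mail server
        # will not match the tenant's published address.
        if rule["port"] == 25 and ext != primary:
            findings.add((rule["tenant"], "smtp_egress_mismatch"))

    # Assumption taken from the thread: one service per IP and port.
    for tenants in listeners.values():
        if len(tenants) > 1:
            findings.update((t, "listener_conflict") for t in tenants)
    return sorted(findings)


if __name__ == "__main__":
    for tenant, finding in audit(RULES, PRIMARY_IP, BOUND_IPS):
        print(f"{tenant}: {finding}")
```

Any tenant flagged with `smtp_egress_mismatch` needs its outbound mail handled some other way, since the NAT address cannot be chosen per source, as the correction above states.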