Solved

ISA 2004 and virtual network cards

Posted on 2011-03-13
Last Modified: 2012-05-11
I have a customer who has one ISA 2004 server (on Server 2003) that provides internet access to a number of businesses within the building.

It has one network card with a WAN IP address (and a second card with the LAN IP address, obviously!)

The customer has 32 static WAN IP addresses available.

I want to use some of these WAN IP addresses to give the other businesses in the building static IP addresses so they can host Exchange, VPNs etc.

Does ISA Server support this?

If so, how do I create a virtual NIC or connector or listener that I can then assign one of the static IPs to?

If ISA 2004 will not do this, are there any alternatives?

To summarise - I need some kind of IP gateway that accepts requests on multiple WAN IP addresses and redirects them to the relevant subnet on the internal network.

Thanks.

Question by:zoltan9992000
10 Comments
 
LVL 9

Expert Comment

by:MinoDC
ID: 35122298
You can look at these links... they are very helpful.

For VPN:
From the isaserver.org site:
http://www.isaserver.org/articles/2004vpnserver.html

For OWA (exchange)

http://www.isaserver.org/tutorials/2004owafba.html
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 35122361
First of all, you would not use virtual NICs for this; you would have to bind all available IPs to the ISA external NIC, i.e. one physical and the rest would be arp addresses.
When you published each service you would select the specific IP address for the service you were publishing. Could be one each per company and you would select the internal SMTP server to point that IP at. Each IP could support an SMTP, an HTTP site, an HTTPS site etc. (assuming you had a certificate for each).

The problem comes for outbound and response traffic, especially if reverse lookups are used. For outbound traffic - assuming you will want to use NAT - only the default IP address assigned to the external NIC is used; you can select the IP address.
0
 
LVL 2

Author Comment

by:zoltan9992000
ID: 35122560
Many thanks for the prompt responses.

I will look at your links later, MinoDC.

To turn to Keith's comments - can you be a bit more explicit about the issues I would have if I used arp addresses?
I will check out if NAT is being used.
I understand you are saying virtual NICs are a bad idea, but what do you suggest I can do instead?
Thanks
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 35122664
Not a case of virtual NICs are a bad thing - you can use a virtual NIC for the external interface, but you can have only one external interface, regardless of whether it is a physical or virtual entity.

No issue at all with arp addresses - I have 13 in use on my own system and all work perfectly.
The issue is outbound traffic - for example, I have 217.155.90.10 physically assigned to my external NIC. The other 12 are just arp addresses added at the NIC, TCP/IP, Advanced level. When traffic is sent out from internal to external, the NAT will use the 217.155.90.10 address as this is the one physically bound to the NIC. You can select which IP address gets used for the NAT based on protocol or source.

If you are therefore using, let's say, 5 internal Exchange servers and using DNS to deliver SMTP traffic to the outside world, if NAT is involved then all five SMTP servers will send traffic and it will leave as 217.155.90.10 - because that is the NAT address. If any external mail server is using reverse lookup then they will check the MX record of the sending server and the associated IP address, and that will NOT necessarily be the same as the NAT address.
0
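The inbound/outbound asymmetry described in the comment above can be audited per tenant before a publishing rule goes live. This is an added example, not part of the thread or any participant's post; the tenant names, the field names and all addresses (taken from the 203.0.113.0/24 documentation range) are constructed, and it assumes outbound NAT always leaves from the primary address on the external NIC.

```python
import ipaddress

# Constructed sample data; addresses come from a documentation range.
NAT_EGRESS_IP = "203.0.113.10"   # primary IP on the external NIC (NAT source)
BOUND_IPS = {"203.0.113.10", "203.0.113.11", "203.0.113.12"}  # primary + extras

# published_ip: address the tenant's SMTP publishing rule listens on
# mx_a_record:  address the tenant's public DNS returns for its MX host
TENANTS = [
    {"domain": "tenant-a.example", "published_ip": "203.0.113.10",
     "mx_a_record": "203.0.113.10"},
    {"domain": "tenant-b.example", "published_ip": "203.0.113.11",
     "mx_a_record": "203.0.113.11"},
    {"domain": "tenant-c.example", "published_ip": "203.0.113.12",
     "mx_a_record": "203.0.113.21"},   # DNS points at the wrong address
    {"domain": "tenant-d.example", "published_ip": "203.0.113.13",
     "mx_a_record": "203.0.113.13"},   # address never added to the NIC
]

def norm(ip):
    """Canonical string form, so ' 203.0.113.10' and '203.0.113.10' compare equal."""
    return str(ipaddress.ip_address(ip.strip()))

def audit_tenant(tenant, egress_ip=NAT_EGRESS_IP, bound_ips=BOUND_IPS):
    published = norm(tenant["published_ip"])
    mx = norm(tenant["mx_a_record"])
    bound = {norm(ip) for ip in bound_ips}
    findings = []
    if published not in bound:
        # The rule listens on an address the external NIC does not answer for.
        findings.append("published-ip-not-bound")
    if mx != published:
        # Inbound mail follows DNS and never reaches the publishing rule.
        findings.append("mx-does-not-reach-rule")
    if mx != norm(egress_ip):
        # Outbound mail leaves from the NAT address, not the tenant's MX
        # address, so receivers that compare the two see a mismatch.
        findings.append("outbound-source-differs-from-mx")
    return findings

def audit(tenants=TENANTS):
    return {t["domain"]: audit_tenant(t) for t in tenants}

if __name__ == "__main__":
    for domain, findings in audit().items():
        print(domain, "OK" if not findings else ", ".join(findings))
```

Only the tenant published on the primary address comes back clean; every other tenant carries the outbound finding regardless of how well its inbound side is configured.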
 
LVL 2

Author Comment

by:zoltan9992000
ID: 35123147
Thanks Keith,

That's very interesting.

Didn't know it was so easy to add IP addresses to one NIC.

I will play with that later.

When you say
"You can select which IP address gets used for the NAT based on protocol or source."

Does this mean you can change the IP address that NAT assigns to the outbound packets based on the IP of the machine it originates from?

i.e. using your setup - if an internal machine has an IP of 10.0.0.5, then can you set NAT to change the external IP from 217.155.90.19 to one of the other 12 IPs for outgoing traffic?
Set up correctly there would be no issues with MX reverse lookups.

If the answer to this is yes, can you give a brief pointer to how you set NAT to do this?


Thanks again.

Paul

0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 35123397
My error - that should read you 'can not' select which IP address gets used for the NAT based on protocol or source. Apologies, I was watching the telly at the same time as typing.
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 35811140
Already answered.
0
 
LVL 2

Author Closing Comment

by:zoltan9992000
ID: 35914068
Sorry Keith - thought I'd done this already.

That tip provided the solution I was looking for.

Many Thanks
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 35915861
Welcome :)
0
