Solved

ISA 2004 and virtual network cards

Posted on 2011-03-13
Last Modified: 2012-05-11
I have a customer who has one ISA 2004 server (on Server 2003) that provides internet access to a number of businesses within the building.

It has one network card with a WAN IP address (and a second card with the LAN IP address, obviously!)

The customer has 32 static WAN IP addresses available.

I want to use some of these WAN IP addresses to give the other businesses in the building static IP addresses so they can host Exchange, VPNs etc.

Does ISA Server support this?

If so, how do I create a virtual NIC or connector or listener that I can then assign one of the static IPs to?

If ISA 2004 will not do this, are there any alternatives?

To summarise - I need some kind of IP gateway that accepts requests on multiple WAN IP addresses and redirects them to the relevant subnet on the internal network.

Thanks.

Question by:zoltan9992000
10 Comments
 
LVL 9

Expert Comment

by:MinoDC
ID: 35122298
You can look at these links; they are very helpful.

For VPN:
From the isaserver.org site:
http://www.isaserver.org/articles/2004vpnserver.html

For OWA (exchange)

http://www.isaserver.org/tutorials/2004owafba.html
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 35122361
First of all, you would not use virtual NICs for this; you would have to bind all available IPs to the ISA external NIC, i.e. one physical and the rest would be ARP addresses.
When you published each service you would select the specific IP address for the service you were publishing. Could be one each per company and you would select the internal SMTP server to point that IP at. Each IP could support an SMTP, an HTTP site, an HTTPS site etc. (assuming you had a certificate for each).

The problem comes for outbound and response traffic, especially if reverse lookups are used. For outbound traffic - assuming you will want to use NAT - only the default IP address assigned to the external NIC is used; you can select the IP address.
0
 
LVL 2

Author Comment

by:zoltan9992000
ID: 35122560
Many thanks for the prompt responses.

I will look at your links later, MinoDC.

To turn to Keith's comments - can you be a bit more explicit about the issues I would have if I used ARP addresses?
I will check out if NAT is being used.
I understand you are saying virtual NICs are a bad idea, but what do you suggest I can do instead?
Thanks
0

 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 35122664
Not a case of virtual NICs being a bad thing - you can use a virtual NIC for the external interface, but you can have only one external interface, regardless of whether it is a physical or virtual entity.

No issue at all with ARP addresses - I have 13 in use on my own system and all work perfectly.
The issue is outbound traffic - for example, I have 217.155.90.10 physically assigned to my external NIC. The other 12 are just ARP addresses added at the NIC, TCP/IP, Advanced level. When traffic is sent out from internal to external, the NAT will use the 217.155.90.10 address as this is the one physically bound to the NIC. You can select which IP address gets used for the NAT based on protocol or source.

If you are therefore using, let's say, 5 internal Exchange servers and using DNS to deliver SMTP traffic to the outside world, if NAT is involved then all five SMTP servers will send traffic and it will leave as 217.155.90.10 - because that is the NAT address. If any external mail server is using reverse lookup then they will check the MX record of the sending server and the associated IP address, and that will NOT necessarily be the same as the NAT address.
0
 
LVL 2

Author Comment

by:zoltan9992000
ID: 35123147
Thanks Keith,

That's very interesting.

Didn't know it was so easy to add IP addresses to one NIC.

I will play with that later.

When you say
"You can select which IP address gets used for the NAT based on protocol or source."

Does this mean you can change the IP address that NAT assigns to the outbound packets based on the IP of the machine it originates from?

i.e. Using your setup - if an internal machine has an IP of 10.0.0.5, then can you set NAT to change the external IP from 217.155.90.19 to one of the other 12 IPs for outgoing traffic?
Set up correctly there would be no issues with MX reverse lookups.

If the answer to this is yes can you give a brief pointer to how you set NAT to do this ?


Thanks again.

Paul

0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 35123397
My error - that should read you 'can not' select which IP address gets used for the NAT based on protocol or source. Apologies, I was watching the telly at the same time as typing.
0
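The behaviour described in the comments above (published services listen on secondary addresses, while all NATed outbound traffic leaves from the primary address) can be checked against a planned rule set before anything is published. This is an added example, not code from any participant in the thread; the tenant names, the 203.0.113.0/24 documentation addresses and the rule tuple layout are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (documentation range, not addresses from the thread).
PRIMARY_IP = "203.0.113.10"                        # physically bound to the external NIC
SECONDARY_IPS = ["203.0.113.11", "203.0.113.12"]   # extra addresses added on the same NIC
# Hypothetical publishing rules: (tenant, external IP, port, internal server)
RULES = [
    ("tenant-a", "203.0.113.11", 25, "10.0.1.5"),
    ("tenant-a", "203.0.113.11", 443, "10.0.1.5"),
    ("tenant-b", "203.0.113.12", 25, "10.0.2.5"),
    ("tenant-c", "203.0.113.13", 25, "10.0.3.5"),  # address never added to the NIC
    ("tenant-d", "203.0.113.12", 25, "10.0.4.5"),  # same IP and port as tenant-b
]


def audit(primary, secondaries, rules):
    """Return a sorted list of (tenant, finding) tuples for a planned rule set."""
    bound = {ipaddress.ip_address(a) for a in [primary, *secondaries]}
    nat_ip = ipaddress.ip_address(primary)  # every NATed outbound packet leaves from here
    findings, listeners = set(), {}
    for tenant, ext, port, _internal in rules:
        ext_ip = ipaddress.ip_address(ext)
        # A service can only be published on an address the external NIC answers for.
        if ext_ip not in bound:
            findings.add((tenant, f"{ext} is not bound to the external NIC"))
        # One external IP and port pair can point at only one internal server.
        owner = listeners.setdefault((ext_ip, port), tenant)
        if owner != tenant:
            findings.add((tenant, f"{ext}:{port} already published for {owner}"))
        # Inbound mail arrives on the published IP, but outbound mail is NATed to
        # the primary address, so a receiving server comparing the two sees a mismatch.
        if port == 25 and ext_ip != nat_ip:
            findings.add((tenant, f"inbound SMTP on {ext}, outbound leaves as {primary}"))
    return sorted(findings)


if __name__ == "__main__":
    for tenant, finding in audit(PRIMARY_IP, SECONDARY_IPS, RULES):
        print(f"{tenant}: {finding}")
```
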
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 2000 total points
ID: 35811140
Already answered.
0
 
LVL 2

Author Closing Comment

by:zoltan9992000
ID: 35914068
Sorry Keith - thought I'd done this already.

That tip provided the solution I was looking for.

Many Thanks
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 35915861
Welcome :)
0
