We help IT Professionals succeed at work.


mikey250 asked
Medium Priority
Last Modified: 2012-05-12
My intention is to setup a Win 2003 DC with 3 host pcs and a separate Win 2003/ISA 2006 server to be the firewall so I can also learn about ISA 2006 is the objective.  I have no spare cash so cannot buy ASA etc etc

Qns1. Does my ISA 2006 have to be installed on a separate box but not as a DC but just connected to the domain - ?

This is the list below I was given so wanted to confirm:

In simple terms, this is the supported options...

ISA 2000 - NON-DC - Windows 2000/Windows 2003 - 32-bit only
ISA 2000 - DC - SBS2000/SBS2003 - 32-bit only
ISA 2004 - NON-DC - Windows 2003 - 32-bit only
ISA 2004 - DC - SBS2003 - 32-bit only
ISA 2006 - NON-DC - Windows 2003 - 32-bit only
TMG 2010 - Non-DC - Windows W2008SP2/Windows 2008R2 - 64-bit only
TMG 2010 - Read Only DC - Windows W2008SP2/Windows 2008R2 - 64-bit only
Watch Question

Director, Information Systems
ISA server will probably work fine anywhere you want to put it.  The nature of the product is such that you'd not normally put it on a DC, because your DC would be inside your firewall while ISA server would be outside/spanning the two.  For a test environment, I don't think that will matter.


Hi thats good to know as Ive decided to separate both my DC Server and ISA 2006 on separate member server NOT DC as you mention..

Ive read here:  http://technet.microsoft.com/en-us/library/bb838661.aspx - That only 1 nic can be used as per comments:

You can install ISA Server 2006 on computers with a single network adapter. Typically, you will do so when another firewall is located on the edge of the network, connecting your corporate resources to the Internet. In this single network adapter scenario, ISA Server typically functions as a Web proxy server or a cache server, caching content from the Internet, for use by clients on the corporate network. If you install a single network adapter, you only need to update the internal network adapter table, which is shown in the next section.

Qns1. What do you recomend 1 or 2 - ?
Paul MacDonaldDirector, Information Systems
While it's possible to configure ISA to use only one NIC, that will likely add to your administrative overhead.  

As to whether us should use ISA server alone or in conjunction with a dedicated firewall depends a lot on your resources and what you intend to do with ISA server.  ISA server can be resource intensive, so if you plan on leveraging all its features and/or you have a lot of users passing traffic through it, you'll want to make it as robust as possible.  Otherwise I'd suggest using it in conjunction with a dedicated firewall.


Hi I only have the following equipment to play with which is specifically for test purposes and no real traffic:

5 x 32bit Pentium 3 pc/servers that Ive always used with Win 2003 & host pcs & 1 laptop

I currently have a 'Residential Netgear box'  When I use my Win 2003 DHCP I normally disable my Netgear Dhcp to continue

Once Ive basically setup ISA 2006 I will introduce some routers & switches to make it more real more than likely 1 router or 2:

- 3 x 2500
- 2 x 2600
- 2 x 3600
- 4 x 2950 switch


I have no firewall except for ISA 2006 hence wish to use to act as my only firewall.

Once done I can link to one of my routers and configure: CBAC which will be the firewall via my router so the setup could be as you imply:

First firewall ISA 2006
2nd firewall via my Router/CBAC already configured
off of the Router/CBAC I could have my Netgear router or something like this

Will have to think about network diagram of how it will look though..
Paul MacDonaldDirector, Information Systems

I'd recommend you practice most with whichever configuration you plan on implementing.  In the testbed, you can try both, but ultimately you should spend the most time working with the configuration you think you'll deploy.



Explore More ContentExplore courses, solutions, and other research materials related to this topic.