Re: Where do you install ISA?

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Jim Harrison [MSFT] (jmharr_at_online.microsoft.com)
Date: 07/14/04 

Date: Wed, 14 Jul 2004 10:48:37 -0700

You can separate the subnets exactly as you describe:
external = 192.168.1.x
internal = 192.168.2.x 

-- 
 Jim Harrison [ISASE]
 Read the help, books and articles!
 This posting is provided "AS IS" with no warranties, and confers no rights.
"A. Lanza" <alfonso@lanza-ti.com> wrote in message news:%238EW98XaEHA.3524@TK2MSFTNGP12.phx.gbl...
Jim Harrison [MSFT] wrote:
> There are two protocols there (SMTP, POP3) that force ISA to operate in Firewall or Integrated mode, and both operating modes
> require two NICs in separate subnets.
> Basically, the means that you'd have chained firewalls.
> This is actually a good thing, since you can limit internet access at the existing firewall to the ISA alone and let the ISA 
> handle
> the per-protocol. per-user, per-schedule, etc rules.
>
Jim,
i have only one internet IP address from my provider and that one's for
the DSL router. So i have to use private IP addresses for both the
internal and external nics of my ISA. I have ISA server operating in
integrated mode, but it doesn't seem to work ok. Though securenat
clients can access the web via ISA proxy service, they are not able to
access mail servers (neither pop3 nor smtp).
the internal and external nics of ISA are set to be in 192.168.1.x
range... could this be the problem? do i have to use two different
private subnets like 192.168.1.x and 192.168.2.y for the ISA nics?
This is my actual config:
DSL WAN (public ip) - DSL LAN (192.168.1.1) - ISA external nic (192.168.1.2)
ISA internal nic (192.168.1.3) - switch - client PCs
TIA,
AL

Relevant Pages

  • Re: Client PC cannot access internet
    ... ISA is re-installed and hey presto! ... Merv Porter [SBS MVP] ... Server can access the internet. ... Have you checked the binding order of the NICs? ...
    (microsoft.public.backoffice.smallbiz2000)
  • Re: Disable dynamic route entries in Windows 2003?
    ... have two Nics. ... to publish applications to the Internet; ... destination network through two different interfaces, ... If you correctly configure the ISA machine with respect to the VLANs and the ...
    (microsoft.public.windows.server.networking)
  • Re: No internet access thru SBS
    ... it always needed at least 2 NICS) I did not check the ISA log. ... working the day before then somwhere the internet pass-through in the SBS ... I assume that is the proxy server feature that quit. ...
    (microsoft.public.windows.server.sbs)
  • Re: Questions re SBS and Public Websites
    ... confusion re the 2 NICs - what I meant was I was going to duplicate the IP ... ISA 2000 SP2. ... Internet ... > some questions about Windows 2003 Standard Server deployment. ...
    (microsoft.public.windows.server.sbs)
  • Re: RWW - Cant login
    ... Premium and ISA. ... In the Microsoft Internet Security and Acceleration Server 2004 ... In the center pane, find a policy named SBS Internet Access Rule, ...
    (microsoft.public.windows.server.sbs)