RE: DMZ Setup With ISA 2004
- From: Jack of all IT trades :| <JackofallITtrades@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 16 Aug 2006 09:38:02 -0700
Thanks Shijaz for the response:
However, one thing I neglected to mention is that I wanted to utilize the
cross-over connection for DNS/AD/RDP.
Bearing in mind what you menitoned about the cross-over connection, would it
be more feasible to attach the desginated Cross-over connection NIC on ISA2
to the internal lan for DNS/AD/RDP. Let me know if I'm barking up the wrong
tree or have any other suggestions.
Again, thanks for any assistance.
"Shijaz" wrote:
Since you have two separate external connections, and have two ISA Servers,.
isolation is pretty easy. Connect the first T1 line to your ISA1 and use it
for internal internet access, etc.
Connect the second T1 line to ISA2 and use it for publishing your web server
on a separate DMZ network.
ISA Server 2004 does not support multiple external connections.
The cross-over connection is used between two ISA 2004 *Enterprise Edition*
servers for intra-array communication, i.e. sharing the configuration, cache,
etc between the servers.
--
Shijaz
MCSE:Security, CCNA
www.shijaz.com/isaserver
"Jack of all IT trades :|" wrote:
Sorry....I hit the enter button too soon:
Hello;
I've been tasked to create a new ISA server to isolate the traffic going
into our webserver; unfortuntely this is all new to me :)
BackGround:
Anyways, we have an existing ISA 2004 server which is configured as a edge
firewall (which is connected to a T1 line) and provides firewall and VPN
services to our internal LAN.
Just recently we had another T1 line installed as we want to isolate the web
(web server is internal) traffic from the internal LAN due to expected an
huge increase to our website.
Each of the ISA servers has 3 NICs installed:
ISA1 (Existing Production)
NIC1 - External Access
NIC2 - Interal Access
NIC3 - Cross Connect to ISA2 IP address set to 192.168.1.1
ISA2
NIC1 - External Access
NIC2 - DMZ
NIC3 - Crossover Connect to ISA1 IP address set to 192.168.1.2
My Questions are:
1) How to I configure the second ISA server using the cross over
connection(which Firewall rules, network settings) to communicate with ISA1,
to route incoming traffic to the internal webserver
2) Are the alternatives to the cross over connection to get the same results
I want to achieve?
Thanks for all your help
"Jack of all IT trades :|" wrote:
Hello;
I've been tasked to create a new ISA server to isolate the traffic going
into our webserver; unfortuntely this is all new to me :)
BackGround:
Anyways, we have an existing ISA 2004 server which is configured as a edge
firewall (which is connected to a T1 line) and provides firewall and VPN
services to our internal LAN.
Just recently we had another T1 line installed as we want to isolate the web
(web server is internal) traffic from the internal LAN due to expected an
huge increase to our website.
- Follow-Ups:
- RE: DMZ Setup With ISA 2004
- From: Asher_N
- RE: DMZ Setup With ISA 2004
- References:
- RE: DMZ Setup With ISA 2004
- From: Jack of all IT trades :|
- RE: DMZ Setup With ISA 2004
- From: Shijaz
- RE: DMZ Setup With ISA 2004
- Prev by Date: Re: Changing Internal and External IP adress of the ISA 2004 server
- Next by Date: RE: DMZ Setup With ISA 2004
- Previous by thread: RE: DMZ Setup With ISA 2004
- Next by thread: RE: DMZ Setup With ISA 2004
- Index(es):
Relevant Pages
|
