ISA 2006 configuration question - multiple VLANs and domains



Hi,

I was thinking of purchasing and installing ISA 2006 for a remote
access solution for my office, but I'm not sure it can do what we need
it to.

We have two logical networks, let's say 10.1.x.x and 10.2.x.x, with two
domains: domain1 and domain2 (both 2003 AD). Due to ACLs set on our
router, domain1 (10.1.x.x) can talk freely to domain2 (10.2.x.x), but
domain2 is restricted from certain ports and servers when talking to
domain1.

This hypothetical ISA 2006 server would be multi-homed to exist on both
logical networks. There is a trust between the two domains as well,
both ways. This ISA server would probably be a member of domain1.

Ideally, what I would like to do is have the ISA 2006 server DHCP for
the right network based on the user's credentials they authenticate with
and not allow a user from domain2 to talk to domain1, or at least
restrict them heavily.

I know this might sound a little esoteric, so let me give a scenario
that I'd like to have as a final result.

user1 has an account in domain1. He connects to the ISA 2006 (within
domain1) server (via PPTP). The ISA server authenticates him and gives
him the correct IP address for his network - 10.1.x.x.

user2 connects to the same ISA 2006 server in domain1 and authenticates
to domain2 (there's a trust between these domains, so I don't think
this will be an issue). user2 receives the correct IP for his network -
10.2.x.x.

Sorry for the lengthy post, but I'm trying to be clear. Is ISA 2006
capable of performing these tasks? Is there a guide out there with a
similar scenario in it? The only reference I could find was this, for
2004, and it wasn't very close to this scenario:
http://www.microsoft.com/technet/isa/2004/plan/isaradiusremote.mspx

Thanks in advance!

Jennifer_C
