ISA 2006 Enterprise install/config questions reference NICs




I'm setting up a 2 server ISA 2006 Enterprise array - and I have some
questions. Both running on Windows Server 2003 R2, with 3 NICs (one
internal, one external, one was going to be for DMZ...but...read on). The
system will be used for outbound Internet access from clients (mostly
browsing, some FTP, RDP, etc.) - it's not protecting any inbound stuff like
web servers. The servers are called ISA1 and ISA2 (clever, huh?).

1) A consultant we hired (familiar with single ISA deployments but not
Enterprise) said the internal NIC shouldn't have a gateway set in the GUI
TCP/IP Properties page, and I should manually add persistent routes (via
ROUTE ADD) to all my internal networks. This sounded odd. But I did it. Is
this correct?

2) He also said the external NIC should not have DNS servers configured -
the internal NIC DNS settings will query my internal DNS server. This sounds
okay, I suppose, and would appear to work.

3) I installed everything okay, but was occasionally seeing errors that the
second server (ISA2) couldn't contact the CSS (which I put on ISA1). Then it
would resume contact. But the errors persisted, intermittently. He
suggested that we use the third NIC I was going to use for a DMZ and use it
for intra-array communications only - connecting the two servers with a
crossover cable, much as I do with a Windows Server Cluster. One NIC has an
IP address of 10.1.1.1 and the other NIC 10.1.1.2. This sounded odd - I
posted about this weeks ago and was told you don't need a dedicated NIC just
for this. I'm willing to do it - but it hasn't gone well. Intra array
communications only went downhill from there, and in fact after uninstalling
ISA 2006 from ISA2, I've never been able to reinstall it in the Array - I
get a host of errors during the install about not being able to contact the
CSS (where I didn't upon initial install) - but I will save that for another
post. I guess the question here is - is using a NIC with a crossover cable
for intra array communications between ISA1 and ISA2 okay, best practices,
or just pointless?

I'm at the point now where I just want one to work - and I'll focus on
getting the Array part together after that.

Thanks,
Bruce


