Re: Noob question: ISA and IIS on the same server?

From: Thomas W Shinder [MVP] (tshinder_at_hotmail.com)
Date: 07/02/04


Date: Thu, 1 Jul 2004 19:11:09 -0500

Hi Gary,

This sounds like a back to back DMZ, the most secure config.

Just curious, what real security do you think you derive from the pix? Does
it do anything other than packet filtering and NAT?

Thanks!

--
Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
"Gary" <gary123@123iplynx123.com123> wrote in message
news:cVXEc.2965$876.1834@fed1read07...
: Using these links:
:
: http://support.microsoft.com/default.aspx?scid=kb;en-us;323387
: http://support.microsoft.com/default.aspx?scid=kb;en-us;290113
: http://support.microsoft.com/default.aspx?kbid=238131
:
: I am configuring an ISA server on an existing Win2k3 server that currently
: performs web hosting and DNS in a DMZ (medium security interface--50) behind
: a PIX 515. The purpose for this ISA server is to provide proxy access to the
: corporate web mail server that is on the high security interface (100) of
: the PIX. I am fairly certain that there is no configuration that will permit
: me to proxy the web mail on the outside interface of the ISA server, but am
: open to any suggestions anyone has on this matter.
:
: My Solution (as much as I disapprove of how it breaks the philosophy of a
: good firewall configuration) is to place the internal interface of the ISA
: server on the high security corporate network and leave the public interface
: in the PIX DMZ. I would ordinarily never do this but I see no way to proxy
: using ISA without 2 physical interfaces, and since ISA IS a firewall (MS
: would have me believe--rather convincingly too judging by its capabilities
: and documentation which are rather impressive, even to a skeptic like me), I
: have little reservation in allowing the DMZ network and the corporate high
: security network to meet, physically, through 2 firewalls.
:
: My Question is, how do you configure the Win2k3 server to serve a website
: through its own IIS server, but also to proxy to another website using ISA?
: I have duplicated my sandbox configuration in the production environment
: using the Step-by-step guides provided by MS and while my sandbox
: configuration continues to function properly, my production environment is
: not functioning in a proxy capacity (DNS and local IIS serving work, but
: proxy web mail does not). I have determined that the only difference (that I
: can recognize as possibly causing a problem) is that my production
: environment Win2k3 server is running IIS, while my sandbox environment is
: not. Anyone running IIS and ISA together to both serve and proxy websites?
: If so, what deviations from the MS Step-by-step guides are there? Any
: assistance would be greatly appreciated!!
:
: The Step-by-step guides I refer to are (in the order in which I used them):
:
: http://support.microsoft.com/default.aspx?scid=kb;en-us;323387
: http://support.microsoft.com/default.aspx?scid=kb;en-us;290113
: http://support.microsoft.com/default.aspx?kbid=238131
:
: Thanks in advance!
:
: -Gary
:
:
:

