Re: Best practice when creating "Networks" - ISA 2004
- From: "Marlon Brown" <nomail@xxxxxxxxx>
- Date: Tue, 17 Jan 2006 13:27:15 -0800
I added a NIC to the ISA 2004 EE firewall. I defined that as the Perimeter
network. I created a route relationship between perimeter and internal.
Internal network is defined on another NIC.
I think I understand now:
It seems I could specify the ranges for "Infrastructure AD Servers",
"workstations" under "Computer Sets". That way I could control exactly where
traffic should flow from/to. Then I specify on "Enterprise Internal Network"
the whole range of IP addresses for my internal organization. That makes more sense
now...
"Phillip Windell" <@.> wrote in message
news:e8evNl5GGHA.3936@xxxxxxxxxxxxxxxxxxxxxxx
> "Marlon Brown" <nomail@xxxxxxxxx> wrote in message
> news:eCxzmn4GGHA.3904@xxxxxxxxxxxxxxxxxxxxxxx
>> If I understand your answer, you are saying I should not worry and divide
>> the "network" ranges in a granular way; just define whatever is "Internal"
>> network, "perimeter" range and that's it.
>> It is strange if I need to put a rule that applies to few infrastructure
>> servers. In my view if I have a rule "Allow HTTP from Internal network to
>> Perimeter network" that would apply to HTTP traffic to servers as well. In
>> this example all I need is HTTP traffic related to workstations in my
>> organization.
>
> From what I have been able to gather from your post, you do not have a
> "perimeter network" but have just possibly another LAN Segment. You should
> use a LAN Router to route between LAN Segments and use the ISA on the
> network Edge for internet access. It is possible to use ISA as a LAN
> Router, but only when done in the proper way, and from what I have seen so
> far I do not think you have the right environment.
>
> It is pretty much impossible for me to specify more without knowing a lot
> more about the LAN's design and I have not been able to gather much about it
> so far.
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>