Re: isa on a single subnet

Tech-Archive recommends: Speed Up your PC by fixing your registry

I am trying to install ISA server on 2003 server in a business
environment. Currently they are running a cheap DLink router which has
an IP address that must be 192.168.0.x, x =1 at the moment. Also the
rest of the client computers on the network have IP addresses on the
192.168.0.0 subnet. I want to try and install ISA server 2006 on the
2003 server without if possible having to change all the client
computers and other servers from the 192.168.0.0 subnet.

Do your computers take their IP addresses from a DHCP server? It can really help with deployments just like in your case where you need to change client's IP settings (DGW, or an IP address and/or network mask).

So in order to make the transition easier I want to assign IP
addresses say 192.168.0.3 - 192.168.0.254 to the internal subnet and
192.168.0.2 to external.

Wrong. ISA interfaces should belong to *different* subnets. You should configure an external ISA server interface in accordance to the upstream link requirements. Take a look how the DLink's WAN port configured and perform similar configuration with the ISA's external interface.

The client wants to keep the router for now.

You could place an ISA server side-by-side with existing router. Then test the ISA configuration and, when you get satisfaction with a result, you just remove the unneeded router.

You can assign, for example, 192.168.0.100 address for the internal ISA interface and (idontknowwhich - see above) address for the external interface. After you perform all the ISA configuration and tests, you have two options of moving all the clients to the newly deployed internet gateway:

1. Change all the client's default gateway setting to the 192.168.0.100
2. Disconnect DLink, then change the ISA server internal interface address to 192.168.0.1 (the address of DLink's internal interface).

Right after that you can settle back, relax and have a fun with secure internet browsing through the ISA server.

--
Regards,
Andrew
.

Relevant Pages

  • Is this ISA server setup right or wrong?
    ... local ip address to wan port of isa server. ... >pix 501 and a vpn between the sites. ... >office has their own access to the internet. ... >address for the internal interface ... ...
    (microsoft.public.isa)
  • Re: ISA network settings
    ... How are you assigning IP addresses on your internal network? ... internal ISA interface and for your clients that will be behind the ISA ... IP on the same subnet as the internal interface of the ISA server, ... When trying to acess the internet from the server i get the 403 forbiden ...
    (microsoft.public.isa.enterprise)
  • RE: Confused!!!!
    ... the isa server needs to consider the hardware firewall as a ... so the ISA server considers the 212.135.x.x subnet to be the internet, ... the DMZ interface is 212.135.x.x/26 so i have a bunch of public IP's ... you will need 2 distinct networks because ISA needs to consider on of its ...
    (microsoft.public.isa.configuration)
  • RE: Web caching server
    ... Also ensure that the ISA Server can ... > Internet bound requests to your Internet access device, ... > The best option for the DNS server is an internal network ... > server has only one interface connedted to the network ...
    (microsoft.public.isa)
  • Re: Intermittent Firewall 15108 Events on SBS2003/ISA2004
    ... This newsgroup only focuses on SBS technical issues. ... of |> the internal network object). ... If the ISA server receives a package with an |> internal IP as source address from the external port, the package would be |> treated as a spoof attack. ... |> 825763 How to configure Internet access in Windows Small Business ...
    (microsoft.public.windows.server.sbs)