Re: Start with ISA 2004 .. help !!

Hi,

1) - It is only one example of what you can do. My opinion is to use the DNS
service that you already have on your internal DNS server in the Internal
network ISA NIC (as long as it is configured to forward to the Internet DNS
server provider) and use static IP addresses on ISA server.

2) - The ISA behaves beautifully as edge firewall and in you can use the
Template available on ISA for the design you described.
You don´t have to create two "Internal Network Computers" for anything. From
your small description of what you want to do the gateway of your VLAN
should be the ISA server so you can set that on each PC or on the hardware
that is holding the VLANS. From the ISA perspective the Internal networks
should be added to the "Internal" network object so as manual set rout add´s
(your gateway should be the one that your Internet provider mentioned you).
This makes your clients SecureNat clients but you also have the option to
set WebProxy clients or firewall clients, depending on what you want ISA to
do.
Maybe a more detail explanation of what the checkpoint does today and a good
description of your network (routers, switches, hubs, cross pair, etc) would
help to give you more hints otherwise take a look to the MS and
isaserver.org tons on information available.


Qualquer sugestão deve ser testada antes de aplicada - www.gupade.org

"user" <user@xxxxxxxxxx> wrote in message
news:eYpI$9faFHA.3364@xxxxxxxxxxxxxxxxxxxxxxx
> For my second question : i have 2 vlans, so i have to create two internal
> network with 2 nics and i have to assign an ip that will be the gateway
> for the windows xp client ???
> For my firts question : here's he summary of the whitepaper (you see the
> part for installing DNS and DHCP) :
> Introduction. 2
>
> Windows 2000/Windows Server 2003 Configuration Baseline. 3
>
> STEP 1: Configuring the Network Interfaces. 6
>
> IP Address and DNS Server Assignment 6
>
> Configuring the Internal Network Interface. 6
>
> External Network Interface. 7
>
> External Interface with a Permanent IP Address. 7
>
> External Interface with a Dynamic IP Address. 9
>
> Network Interface Order 10
>
> Setting up a Dial-up Connection. 11
>
> Creating the Dial-up Connectoid on a Windows 2000 Server Computer 12
>
> Creating the Dial-up Connectoid on a Windows Server 2003 Computer 13
>
> STEP 2: Installing and Configuring a DNS Server on the ISA Server Firewall
> 14
>
> Installing the DNS Service. 14
>
> Installing the DNS Server Service on Windows 2000 Server 14
>
> Installing the DNS Server Service on Windows Server 2003. 15
>
> Configuring the DNS Service. 16
>
> Configuring the DNS Service in Windows 2000 Server 17
>
> Configuring the DNS Service in Windows Server 2003. 19
>
> Configuring the DNS Service on the Internal Network DNS Server 22
>
> STEP 3: Installing and Configuring a DHCP Server on the ISA Server
> Firewall 24
>
> Installing the DHCP Service. 24
>
> Installing the DHCP Server Service on a Windows 2000 Server Computer 24
>
> Installing the DHCP Server Service on a Windows Server 2003 Computer 25
>
> Configuring the DHCP Service. 26
>
> Configuring the Windows 2000 Server DHCP Server Service. 27
>
> Configuring the Windows Server 2003 DHCP Server Service. 27
>
> STEP 4: Installing and Configuring the ISA Server 2004 Software. 29
>
> Configuring ISA Server 2004. 39
>
> Configuring System Policy to Support Dynamic Addresses on the External
> Interface. 55
>
> Configuring Dial-up Preferences (dial-up connections only) 58
>
> STEP 5: Configuring the Internal Network Computers. 62
>
> Configuring Internal Clients as DHCP Clients. 62
>
> Configuring DHCP Clients on Remote Internal Networks. 63
>
> Troubleshooting. 64
>
> Troubleshooting Cable Connections. 64
>
> Troubleshooting DSL Connections. 64
>
> Troubleshooting Name Resolution. 64
>
> Unable to use Specific Applications. 65
>
> ISA Server 2004 Resources. 66
>
> The ISA Server 2004 Help File. 66
>
> The Microsoft ISA Server 2004 Web Site. 66
>
> The Microsoft ISA Server 2004 Newsgroups. 66
>
> The ISAserver.org Web Site. 66
>
>
>
>
>
>
>
> "Sergio Fonseca [MVP]" <fonsecase@xxxxxx> a écrit dans le message de news:
> ezS5s6faFHA.2768@xxxxxxxxxxxxxxxxxxxxxxx
>> Hi,
>>
>> 1)- In which statement did you understood that?
>> 2)- There a re templates for a edge firewall design but also take a look
>> to Microsoft and isaserver.or sites.
>>
>> Qualquer sugestão deve ser testada antes de aplicada - www.gupade.org
>>
>> "user" <user@xxxxxxxxxx> wrote in message
>> news:OYasD2faFHA.3040@xxxxxxxxxxxxxxxxxxxxxxx
>>> Hello,
>>> 1)I read this on the whitepaper for isa 2004 : ISA Server 2004 Quick
>>> Start Guide - Install and Configure ISA Server 2004 for Secure Internet
>>> Access
>>> 2) I want ISA 2004 to act like our checkpoint FW1 . We change of product
>>> because of the price ....
>>>
>>>
>>> "Sergio Fonseca [MVP]" <fonsecase@xxxxxx> a écrit dans le message de
>>> news: %23vyT$mfaFHA.2736@xxxxxxxxxxxxxxxxxxxxxxx
>>>> Hi,
>>>>
>>>> 1) - It is not necessary by any means!!! Where you read such a thing?
>>>> 2) - What you want to do with ISA?
>>>>
>>>> Qualquer sugestão deve ser testada antes de aplicada - www.gupade.org
>>>>
>>>> "user" <user@xxxxxxxxxx> wrote in message
>>>> news:%23xe70efaFHA.2756@xxxxxxxxxxxxxxxxxxxxxxx
>>>>> Hello,
>>>>> 1) I read the whitepaper for installing ISA 2004 and i don't
>>>>> understand why we have to add a DNS and DHCP services for this isa
>>>>> 2004 server .
>>>>> First, we have statics ip so , we do not have a DHCP server..
>>>>> Second, we already have DNS servers in our domains ( 2 domains with
>>>>> 2 servers by domain).
>>>>> So, DNS and dhcp on isa are really necessary ??
>>>>>
>>>>> 2) we have 2 vlans in our network organisation, so, do i have to
>>>>> create 2 Internal Network Computers ? i think yes .....
>>>>> Then, i have to assign 1 IP address to every internal network
>>>>> interfaces. Is this that the Computer in our organisation will use as
>>>>> gateway ??
>>>>>
>>>>> Thanks for helping me...
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>


.

Relevant Pages

  • Re: Urgent! New router and big disaster
    ... The SBS DNS server, running on ... its IP it means that your problem is now DNS. ... forward ports to it reliably in the router. ... I should have been more clear about internet connection.. ...
    (microsoft.public.windows.server.sbs)
  • RE: Error configuring component - Email
    ... When the DNS forward look up zone is not set ... Select the Change Button on the server and verify the correct computer ... Error configuring component - Email ... | calling pdispPPPBag->QueryInterface. ...
    (microsoft.public.windows.server.sbs)
  • Re: Cannot connect to RWW from home PC
    ... DNS stuff says your mail server is responding with reply that is not MS ... When we setup this new SBS2003 setup we installed without ISA as it does ... not seeing any problems anywhere regards internet or email - we also run ...
    (microsoft.public.windows.server.sbs)
  • Re: Non-domain connection problem
    ... For some reason the DNS is persistent. ... connect new PC to the internet from the non-domain network: ... In server 2000 gpoedit.msc showed them but in SBS it is different. ...
    (microsoft.public.windows.server.sbs)
  • Re: Urgent! New router and big disaster
    ... Even a single-NIC configuration should have ONLY the LAN IP of the server as ... Then you can run the CEICW or use the DNS console to enter ... forward ports to it reliably in the router. ... I should have been more clear about internet connection.. ...
    (microsoft.public.windows.server.sbs)