ISA 2004 as a web proxy?

[bofhrevenge2]

Hi all, I’m just about to install an ISA 2004 server as a web proxy so no particular security requirements are needed, I have read a couple of articles that say the AD schema will be altered during the install.

Is this necessary just for a web proxy and what changes will be made?

Thanks for any tips.

 

[LUISKA]

AD schema changes are only necesary for ISA arrays. The ISA Server 2004 Enterprise Ed. is not yet released, that means you cannot install an array of ISA 2004 ;-)
A stand alone ISA 2004 (domain member if you want to validate users account) runs perfectly without any AD special requierement.
I have one installed in test, waiting for Enterprise version...

 

[bofhrevenge2]

Excellent thanks.

 

[bofhrevenge2]

Hi i've finally got around to installing my test ISA 2004 server and am not quite sure how to set the cards up.

I currently have two cards one with an internal 10.4.*.* address and no default gateway set and another with a 10.4.*.* address that has a default gateway set as our router, is this correct?
Should the DNS point to my DNS server or my ISP's?

I also want to be able to manage it via RDP how do i enable this in ISA as it stopped working as soon as i installed it?

Cheers.

 

[mcccna]

You can find all of the basic setup info you could ever need at

http://www.isaserver.org

. I have had more than one issue answered by the tech articles there.

 

[bofhrevenge2]

I've had a good look there and there is an awfull lot of info on ISA 2000 but not much on 2004.

I've fond a doc on the MS site that i'm reading it seems quite good, but it says i need to install DNS and DHCP on the box, i already have a server performing these roles so can i skip this?

http://download.microsoft.com/downl...876f06/ISA2004SE_quickstartguide-Rev 1 03.doc

Cheers.

 

[LUISKA]

«I currently have two cards one with an internal 10.4.*.* address and no default gateway set and another with a 10.4.*.* address...»

I can´t imagine the architecture. Dou you have both cards on the same network?

Regards

 

[bofhrevenge2]

At present there is a router with an address of 10.4.116.1 for it's internal interface, the ISA servers front card (external with gateway set) is 10.4.116.2 and the back (internal with no default gateway) card 10.4.116.3. The rest of the range is for clients.

I have an internal DNS and DHCP server too and from reading it looks like I need a caching only DNS server on the ISA do I have to put DHCP on ISA as well or can I stick with the DHCP server I have already.

Cheers.

 

[pmyint]

No need to have DHCP on the ISA Server - you can have DNS Caching on the ISA or point the External NIC to use your ISP/Net Providers DNS as well..

http://www.isaserver.org

is a great site ..


Learn to Crawl before you Walk!!

 

[bofhrevenge2]

Cheers i've been looking on isa.org but was having trouble finding the right docs for 2004, i have a good Thomas Shinder doc now and i'm following that through pending the arrival of his book.

Thanks.

 

[ansellrk]

I can't imagine how a packet would root out of your network? How is your LAT setup? If you have an Internal LAT set as 10.4.116.x then it would class the "external" card as an internal interface, wouldn't it?! How would it route packets out to an External Interface...

We use the range 10.10.180.x/24 for our internal LAT and 10.11.180.99/24 as our external card... that works fine, but any subnet different to your Internal LAT should work.

Regards

 

[bofhrevenge2]

In ISA2004 it doesn't seem to use the LAT like 2000, you specify the internal range yourself. I've specified that the lower end of the range is external and it seems to be sending packets to the router just fine, well it works anyway.

This isn't a production setup i'm just testing it and to be honest i've not looked at it for a week or two, i'm waiting for the books to arrive.

Cheers.