Announcement

Collapse
No announcement yet.

ISA 2006 Setup and Config

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • ISA 2006 Setup and Config

    Hi Guys,

    Im a total newb to ISA 2006 and wanted to get it running, I have built a spare box at home with 2 NIC's in.

    I have Installed:

    MS Windows Server 2003 Standard Edition (SP2)
    MS ISA 2006 Enterprise Edition (SP1)
    with 2 NIC's

    Router IP: 192.168.1.254

    NIC1: 192.168.1.1 (Internal)
    NIC2: 192.168.1.200 (External) > to router

    I know I have to set the rules up for the firewall on ISA?

    Anything else (sorry)

  • #2
    Re: ISA 2006 Setup and Config

    You have to change one of your nics.
    Internal and external in the same subnet won't work.
    Do something like this (for example:

    Internal:
    NIC1
    ip : 192.168.10.1
    mask: 255.255.255.0
    Gateway: blank
    DNS : 192.168.10.10

    External
    Nic 2
    Ip 192.168.1.253
    mask: 255.255.255.0
    Gatway 192.168.1.254
    DNS: Blank
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: ISA 2006 Setup and Config

      Thanks mate

      Comment


      • #4
        Re: ISA 2006 Setup and Config

        No problem.
        Let me know if you want to know more.
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: ISA 2006 Setup and Config

          Update:

          I can now:

          PING the ISA server
          RDP to the ISA Server
          get DHCP\DNS from the ISA

          I still cant get internet from my laptop, I can get internet on the ISA.

          NIC's are setup as:

          NIC1 - Internal

          IP: 192.168.10.1
          Subnet: 255.255.255.0
          D. Gateway: NONE
          DNS: 192.168.10.1

          NIC2 - External

          IP: 192.168.1.253
          Subnet: 255.255.255.0
          D. Gateway: 192.168.1.254
          DNS: NONE


          Other details:

          My Server is: 192.168.10.1 (has 2003 and ISA\DC\DHCP\DNS)
          Router: 192.168.1.254

          My Allow Interent Rule is set as:

          Allow
          HTTP\HTTPS
          From: All Protected Networks
          To: External
          Users: All Users

          Comment


          • #6
            Re: ISA 2006 Setup and Config

            And your ip address from the internal client (laptop) is?
            And what are his proxy settings or gateway?
            And have you reviewed the logging within ISA server?
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment


            • #7
              Re: ISA 2006 Setup and Config

              Laptop IP is: 192.168.10.50

              Proxy Setting in IE is: isa.winwiznetworks.local (which is the servername)

              I've just looked into the logging andddddddd:

              Denied ConnectionISA 1/27/2009 9:16:28 PMLog type: Firewall serviceStatus: Rule: [Enterprise] Default ruleSource: Internal (192.168.10.50:137)Destination: Local Host (192.168.10.1:137)Protocol: NetBios Name ServiceUser:

              Comment


              • #8
                Re: ISA 2006 Setup and Config

                Netbios isn't important..
                You should look at http connections.

                Try IP address as proxy address instead of the DNS name.
                Marcel
                Technical Consultant
                Netherlands
                http://www.phetios.com
                http://blog.nessus.nl

                MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                "No matter how secure, there is always the human factor."

                "Enjoy life today, tomorrow may never come."
                "If you're going through hell, keep going. ~Winston Churchill"

                Comment


                • #9
                  Re: ISA 2006 Setup and Config

                  ha!

                  Put the IP in (192.168.10.1) the proxy settings and its worked!!!!

                  I can now get on web sites etc.

                  One thing I need help with is, if I want to now connect my laptop to the Domain which has ISA on it doesnt see the server plus filing sharing with it

                  Comment


                  • #10
                    Re: ISA 2006 Setup and Config

                    Well ISA is a firewall in the first place and it should be threaten like that so it shouldn't do anything else except running as a firewall.
                    It shouldn't be a fileserver, there shouldn't be a host-based virusscanner on it and running it on a DC is not supported etc.

                    I don't know how you set it up and if this is a testlab or so, but if so you can better run VMware server/workstation or Virtual PC/Virtual Server
                    Setup a DC and setup a separate ISA server.
                    Marcel
                    Technical Consultant
                    Netherlands
                    http://www.phetios.com
                    http://blog.nessus.nl

                    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                    "No matter how secure, there is always the human factor."

                    "Enjoy life today, tomorrow may never come."
                    "If you're going through hell, keep going. ~Winston Churchill"

                    Comment


                    • #11
                      Re: ISA 2006 Setup and Config

                      Its only a test computer anyway so I wont worry too much about running it on a DC.

                      One thing I do need help with now is letting SMTP out and POP3 in via ISA.

                      I have a POP3 account setup on my computer and need to get mail going through.

                      Comment


                      • #12
                        Re: ISA 2006 Setup and Config

                        By using outlook?
                        install the firewall client.

                        Then goto the ISAserver console --> servername --> configuration --> General --> Define Firewall Client Settings
                        Goto the tab Application Settings, lookup Outlook and change the value (default Outlook ; Disable ; 1) to Outlook ; Disable ; 0
                        Marcel
                        Technical Consultant
                        Netherlands
                        http://www.phetios.com
                        http://blog.nessus.nl

                        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                        "No matter how secure, there is always the human factor."

                        "Enjoy life today, tomorrow may never come."
                        "If you're going through hell, keep going. ~Winston Churchill"

                        Comment


                        • #13
                          Re: ISA 2006 Setup and Config

                          Yes by MS Outlook 2007.

                          I've installed the firewall client only to be told ....................... Failed to detect ISA Server.

                          Comment


                          • #14
                            Re: ISA 2006 Setup and Config

                            Enter the IP address manually.
                            To setup auto detection you need to configure a bit more

                            Btw, If you are so interested in ISA server 2006, may I suggest you to buy a book??
                            If yes, I would buy http://www.amazon.com/Shinders-Serve...3166976&sr=8-3

                            Currently I'm reading it for myself (just for fun actually) but I love it.
                            Marcel
                            Technical Consultant
                            Netherlands
                            http://www.phetios.com
                            http://blog.nessus.nl

                            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                            "No matter how secure, there is always the human factor."

                            "Enjoy life today, tomorrow may never come."
                            "If you're going through hell, keep going. ~Winston Churchill"

                            Comment


                            • #15
                              Re: ISA 2006 Setup and Config

                              Got it working using the IP, Outlook now working!!

                              I would rather use the DNS name of the server than the IP all the time, anyway todo this?

                              (Sorry and yes I will be buying a book)

                              Comment

                              Working...
                              X