Announcement

Collapse
No announcement yet.

Isa 2004

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Isa 2004

    I have a network that runs on Windows Server 2003 - SBS( domain controller configured). I also have an ISA 2004 Server - Windows 2003 -SE. The ISA server is not joined to the domain because the OS is higher, but I use the ISA for both DHCP and gateway , while the Domain controller is been used as a Local DNS.
    The problem am facing is this, I set policies on the ISA server to deny internet at certain periods and to all users, but I notice that when a new laptop or system is connected to the network, it gets an IP from the DHCP server on the ISA but can browse.
    Am just trying to ask how I can prevent connected/unknown laptops or systems from having access to the internet. Thanks.

  • #2
    Re: Isa 2004

    3 questions, why is the ISA server not joined to the domain and 2, why are you running DHCP on the ISA and not on the SBS and 3, what policies do you mean? How do they look like?
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: Isa 2004

      I can't join the ISA to the Domain controller because the domain controller runs on Windows Server 2003 - SBS while the ISA runs on SE.
      I thought it wise to have the DHCP on the ISA to monitor different IPs
      Also the policies I set was to deny all outbound traffic from internal to external from 8am to 6pm exempting certain IPs and systems.
      What must I do to correct these. Its very frustrating to have someone connect to the network and get to to the internet.

      Comment


      • #4
        Re: Isa 2004

        1: Incorrect, you can join the ISA server to the domain. There is no reason not to do it.
        2) No keep a firewall acting as a firewall.
        3) The Deny will only work when the sessions are disconnected first. So I'd believe there is a script for it (http://www.isascripts.org/) which you can shedule...
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: Isa 2004

          I will try to join it to the domain... but I have used up my licences i.e I cannot join anymore workstation to the domain.
          Also moving the DHCP to the domain is gonna be very tedious... or do you have a solution for me? Thanks.

          Comment


          • #6
            Re: Isa 2004

            Why do you think that moving DHCP to the Domain is going to be very tedious?
            1 1 was a racehorse.
            2 2 was 1 2.
            1 1 1 1 race 1 day,
            2 2 1 1 2

            Comment


            • #7
              Re: Isa 2004

              Ok. This is the whole gist... am just young guy learning about System/Network Administration. My DHCP runs on my ISA server of which I have a range of IP that are excluded from assigning by the DHCP.
              Am really thinking of moving the DHCP to the domain Controller, I don't know how to go about it. And also, I don't want to misplace any configuration settings on any system, printer or router as well.
              The network consists of the Domain Controller, ISA Server, network printers, routers, switches (all these have static IP excluded from the DHCP) and workstations.

              Comment


              • #8
                Re: Isa 2004

                Migrating DHCP is straightforward and well documented at technet.

                IMO ISA Server should be a domain member, the benefits far outweigh the disadvantages.
                BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
                sigpic
                Cruachan's Blog

                Comment

                Working...
                X