Announcement

Collapse
No announcement yet.

Configuring ISA 2004 On SBS 2003 With Two NICs? Please Help

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Configuring ISA 2004 On SBS 2003 With Two NICs? Please Help

    Hi All,

    Due to the limitation of the Internet Bandwidth through our ISP, I'm planning to make an SBS 2003 to server our needs to utilize the internet bandwidth and other featuers.

    I have SBS 2003 configured as:
    1. Directory Services
    2. DNS
    3. DHCP
    4. Exchange
    5. Now trying to put the ISA 2004 to be as a deafault Gateway, Proxy Server and Firewall.

    LAN Setup:




    Is this right setup to be able to the users to get Internet Access?

    Also, for the ISA, what is the template Network that i have to choose for this design?

    What I know for the rules that should be available in the Firewall Access rules are as follows:

    DHCP Rules:
    1.Allow DHCP Request --- From Internal to LocalHost
    2.Allow DHCP Reply --- From LocalHost to Internal

    DNS Rules:
    1. Allow DNS From Internal to LocalHost
    2. Allow DNS from LocalHost to Internal

    Internt Access:
    1.Allow HTTP from Internal to External
    2.Allow HTTPS from Internal to External
    3.Allow FTP from Internal to External



    DHCP Scope Options:
    Start IP Address from 192.168.1.3 To 192.168.1.15

    003 Router: 192.168.5.1
    006 DNS Server: 192.168.1.1
    015 DNS Domain Name: habibalby.com

    Please, I need your reply on this design to be able to implement it.

    Thanks,

    Habibalby
    ================================
    HND: Higher National Diploma in
    Computer Science(IT)


    Passed:
    MCSA+Security 2003, VCP3, VCP4
    Done:VMware DSA
    ================================[/COLOR]

  • #2
    Re: Configuring ISA 2004 On SBS 2003 With Two NICs? Please Help

    The "correct" way is to get a cheap router to be your ADSL gateway on say IP 192.168.1.1 and the "external" NIC of your SBS to be 192.168.1.2. Then the internal NIC of your SBS is (by default) 192.168.16.2 and your LAN clients are 192,168.16.x distributed by the DHCP on the SBS. SBS is also your DNS and BOTH NICS point to the 192.168.16.2 address for resolution which has your ISP DNS configured as Forwarders. Your LAN is configured with .<domain>.lan as the default DNS domain for AD
    All this configuration is handled for you by the CEICW (Configure E-mail and Internet Connection Wizard) which handles your ISA configuration (template) also.
    TIA

    Steven Teiger [SBS-MVP(2003-2009)]
    http://www.wintra.co.il/
    sigpic
    Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

    We donít stop playing because we grow old, we grow old because we stop playing.

    Comment


    • #3
      Re: Configuring ISA 2004 On SBS 2003 With Two NICs? Please Help

      hi,

      Thanks for your reply. What about it I want to handel this witout the CEICW, will it be possible? As the SBS Server Management CD I don't have it.

      By the way, I having ADSL Connection with Dymanic IP Address.


      But now, when I created the Domain, i have created by using the internel NIC which is having the 192.168.1.1/24 but now another NIC is installed for the ISA Propuse, no problem to chenge the IP Addressing right?

      I mean, when i change the 192.168.1.1 To 192.168.16.2 nothing will happen?

      Can u make it cleary by simple diagram?

      Thanks,

      habibalby
      ================================
      HND: Higher National Diploma in
      Computer Science(IT)


      Passed:
      MCSA+Security 2003, VCP3, VCP4
      Done:VMware DSA
      ================================[/COLOR]

      Comment


      • #4
        Re: Configuring ISA 2004 On SBS 2003 With Two NICs? Please Help

        Hi,

        I have done it. It works fine now. Thanks guys for all your support, I really appreciated.

        BR,

        Habibalby
        ================================
        HND: Higher National Diploma in
        Computer Science(IT)


        Passed:
        MCSA+Security 2003, VCP3, VCP4
        Done:VMware DSA
        ================================[/COLOR]

        Comment


        • #5
          Re: Configuring ISA 2004 On SBS 2003 With Two NICs? Please Help

          Ali, you're not new to the forums. Why not share your findings with us? Or are you here just to take information, but when it comes to giving back you have better things to do?



          If that is the case we understand, but we will sure remember it next time we see one of your many questions.

          Cheers,

          Daniel Petri
          Microsoft Most Valuable Professional - Active Directory Directory Services
          MCSA/E, MCTS, MCITP, MCT

          Comment


          • #6
            Re: Configuring ISA 2004 On SBS 2003 With Two NICs? Please Help

            Hi danielp,

            Why not share your findings with us?
            Well, that's good idea I'm gonna write a tutorial on how to install ISA 2004 with two NICs using one Single ADSL Line with Dymanic IP Address.

            Actually and to be honest with you, I have done it after 5 times installation of ISA Server last night and i was working with it till 2:30 am just to get it done. And eventually, I have done using only SecureNAT.

            Today, I will be completing the setup using F.W Client by installing them in all the clients using Unattended installation by Active Directoy GPO.

            Or are you here just to take information, but when it comes to giving back you have better things to do?

            The purpose of this forum is to exchange the knowledge that you, me and others knows between all the members over here. Not only taking the information and running away when the question rasied by someone else.

            Just give me little bit time to be fully setup mine at home and then will prepare it and share it with you.

            Thanks once again for your support,

            BR,
            Habibalby
            ================================
            HND: Higher National Diploma in
            Computer Science(IT)


            Passed:
            MCSA+Security 2003, VCP3, VCP4
            Done:VMware DSA
            ================================[/COLOR]

            Comment


            • #7
              Re: Configuring ISA 2004 On SBS 2003 With Two NICs? Please Help

              Why would you NOT want to use the CEICW? It ensures you are correctly protected and NOT an open mail realy etc. Furthermore, once you have run it, it saves a script which you can (re-)run as is or amend if you desire to make changes. It also provides you with certificates for remote working and mobile phones.
              In short it provides you with all you need. Is it this factor that "real" sysadmins don't use wizards?
              TIA

              Steven Teiger [SBS-MVP(2003-2009)]
              http://www.wintra.co.il/
              sigpic
              Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

              We donít stop playing because we grow old, we grow old because we stop playing.

              Comment


              • #8
                Re: Configuring ISA 2004 On SBS 2003 With Two NICs? Please Help

                The script file is called config.vbs (or configx.vbs - where x is 1,2,3... on subsequent runs) and can be found in the C:\Program Files\Microsoft Windows Small Business Server\Networking\ICW directory.
                TIA

                Steven Teiger [SBS-MVP(2003-2009)]
                http://www.wintra.co.il/
                sigpic
                Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

                We donít stop playing because we grow old, we grow old because we stop playing.

                Comment


                • #9
                  Re: Configuring ISA 2004 On SBS 2003 With Two NICs? Please Help

                  hi,

                  Is it this factor that "real" sysadmins don't use wizards?
                  __________________

                  Will it isn't! But the problem is the SBS Console is disappear since I'm installing the SBS 2003 and I don't know hot to retrive it once back.

                  That's why, i can use the CEICW. BTW, now without the CEICW it works fine, however, the Authentication now is faild when I'm trying to Logon to the Domain, I got error message:

                  The specified domain does not exist or could not be contacted THis while I'm trying to Join to Domain.

                  The Domain Habibalby.com is not available. I'm getting this error while I'm trying to logon into the domain by any Domain User excpt the Administrator it logs in successful.

                  Any Recommendations?

                  Thanks,

                  Habibalby
                  ================================
                  HND: Higher National Diploma in
                  Computer Science(IT)


                  Passed:
                  MCSA+Security 2003, VCP3, VCP4
                  Done:VMware DSA
                  ================================[/COLOR]

                  Comment


                  • #10
                    Re: Configuring ISA 2004 On SBS 2003 With Two NICs? Please Help

                    Hi,

                    Now when i want to join a client to the Domain, I'm not able unless allowing all the protocols to come from Internal to LocalHost.

                    I have allowed port 53 for the DNS also i cannot join.

                    I have allowed DNS and DNS Server Protocol to come from Internal to LocalHost also i cannot join.


                    Can someone suggest which ports i have to use to be able to do join the client to domain?

                    Currently, I'm allowing all the Protocols from Internal to Local host, which i think it's not a recommended

                    Habibalby
                    ================================
                    HND: Higher National Diploma in
                    Computer Science(IT)


                    Passed:
                    MCSA+Security 2003, VCP3, VCP4
                    Done:VMware DSA
                    ================================[/COLOR]

                    Comment


                    • #11
                      Re: Configuring ISA 2004 On SBS 2003 With Two NICs? Please Help

                      Sound like you've got one horked up install there.
                      Either you get a local professional to help you out, or you allow someone like myself terminal server access.
                      Sorry to come across as commercial at this point, but, unless this is a machine for "playing" on, you need to get this machine into a usable state ASAP. And, hey, me and my pals have to make a living as well
                      TIA

                      Steven Teiger [SBS-MVP(2003-2009)]
                      http://www.wintra.co.il/
                      sigpic
                      Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

                      We donít stop playing because we grow old, we grow old because we stop playing.

                      Comment


                      • #12
                        Re: Configuring ISA 2004 On SBS 2003 With Two NICs? Please Help

                        hi,

                        well, i don't think that there is a much playing in the rules since the Outbound and Inbound Settings are correctly made.

                        The only thing now I'm facing is the joining the clients to the SBS Domain.

                        i have an Allow Rule for DNS from LocalHost to Internal and also from LocalHost to External.

                        By this rules i cannot join to domain any clients.

                        BUT,

                        i have a Rule that will Allow all Internal Outbound Traffic to LocalHost for all users, this rule will make me able to join the domain any clients.

                        Allowing all the Internal Outbound Traffic it is not a recommended practice becuase if there is an Internal Client is infected with a virus of anything it will allow to send it's broadcasting to the LocalHost which will be accepting to do so.

                        What i want to do is to Disable this rule which is Allowing all Outbound Traffic from Internal to LocalHost and creating the rules which will allow me to join the clients to the domain.

                        Can someone recommed which protocols i have to use in order to get Rid of this ?

                        Thanks,

                        Habibalby
                        ================================
                        HND: Higher National Diploma in
                        Computer Science(IT)


                        Passed:
                        MCSA+Security 2003, VCP3, VCP4
                        Done:VMware DSA
                        ================================[/COLOR]

                        Comment


                        • #13
                          Re: Configuring ISA 2004 On SBS 2003 With Two NICs? Please Help

                          HI Once again,

                          I eventually relized that i wouldn't treat the SBS 2003 as a normal Server or DC. After getting the orginal 6 CDs from a friend of mine and installed it it works fine without it any problem in joing clients to domain by:
                          1. Adding the user, then automatically adding the computer name.
                          2. Going to clinet machine and access http://servername/connectcomputer it connects fine and the client joined into the SBS 2003 successfuly.

                          However, after installing ISA 2004 as a Edge Network using two NIC one from External and the other for internal, clients can access the internet using the Default Gateway as the Internal IP of the SBS 2003.

                          But I cannot access http://servername/connectcomputer to be able to connect the new client to SBS 2003 and also clients cannot get access to SBS 2003 Server to gain resources.

                          Moreover, when i try to access http://servername.domanname.com:80 it open successuly but i cannot click on Connect to Network. And I got an error message says that the IIS is Denied Access to this IP.

                          What are the defualt rules that must be in used ISA 2004 with SBS in order for SBS 2003 to function all the Services that SBS 2003 provides? like DNS, DHCP, ect.

                          Thanks,

                          Habibalby
                          ================================
                          HND: Higher National Diploma in
                          Computer Science(IT)


                          Passed:
                          MCSA+Security 2003, VCP3, VCP4
                          Done:VMware DSA
                          ================================[/COLOR]

                          Comment


                          • #14
                            Re: Configuring ISA 2004 On SBS 2003 With Two NICs? Please Help

                            Please!
                            Check if you have the ICW.EXE file in the:
                            C:\Program Files\Microsoft Windows Small Business Server\Networking\ICW
                            directory.
                            If you do and then answer the questions on route, you will have a safe, known configuration which will save you all these questions.
                            If you do not have this, try going back via Add/Remove programs and the SBS setup to uninstall/reinstall the Server Management and its components. If that still doesn't go, either re-install from scratch according to the instructions, or get a professional to help you.
                            I personally think you are wasting too much time on an installation that will cause you nothing but grief for the rest of its working life.
                            Sometimes, you have to know when to cut your losses.
                            TIA

                            Steven Teiger [SBS-MVP(2003-2009)]
                            http://www.wintra.co.il/
                            sigpic
                            Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

                            We donít stop playing because we grow old, we grow old because we stop playing.

                            Comment


                            • #15
                              Re: Configuring ISA 2004 On SBS 2003 With Two NICs? Please Help

                              Steven, who are you kidding?
                              Cheers,

                              Daniel Petri
                              Microsoft Most Valuable Professional - Active Directory Directory Services
                              MCSA/E, MCTS, MCITP, MCT

                              Comment

                              Working...
                              X