Announcement

Collapse
No announcement yet.

test lab - isa server, two nics, DC, routing to internet..

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • test lab - isa server, two nics, DC, routing to internet..

    I want to test some simple isa server 2006/windows server 2003 network configuration in my home.
    I have pc with two nics and external adsl router.
    Internal nic have ip adress 192.168.2.1 and external nic have 192.168.1.2 with default gateway 192.168.1.254 (this is internal router adress) and adress for dns point to external nic. dns have forwarder to adsl router. This is typical configuration.
    My laptop is connected to internal nic via hub. On pc is installed 2003 with active directory, dns, rras, dhcp and isa server 2006. PC can connect to internet.
    Problem is that laptop on internal network cant communicate with external lan or internet. How I need to configure routing on isa or rras to I can connect laptop to internet and active directory?

    setup picture_


    thanks

  • #2
    Re: test lab - isa server, two nics, DC, routing to internet..

    You have to configure NAT on the ISA server.
    If you have installed ISA then never ever touch RRAS on that box. ISA should handle it.
    Also it isn't smart to configure A DC as an ISA server. ISA blocks per default all traffic to that machine so you need to open curtain ports.

    What I did for my testing lab during my mcse security was the following using vmware
    Install DC on a local segment within vmware
    Install a seperate ISA server with one nic in the same segment and one nic bridged to my internal network
    I also installed some seperate clients and servers inside the same segment where the DC existed.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: test lab - isa server, two nics, DC, routing to internet..

      Hello,

      Your internal ip adress and external adress are at the same ip block i guess. normally you can connect eachother.You should firstly change your adress internal adress.(also laptop ip adress) then , you must define to NAT between external and internal adresses to communicate.Also you should define neccessary rules on the isa server like
      "localhost to internal ---> dns,http, etc.. protocols as ALLOW"
      "internal to localhost ---> dns,http, etc.. protocols as ALLOW"

      and you will need to define another rules for local host to external like that.

      Comment


      • #4
        Re: test lab - isa server, two nics, DC, routing to internet..

        Originally posted by Gürsel ARICI View Post
        Hello,

        Your internal ip adress and external adress are at the same ip block i guess.
        Errr if you watches his picture you'll see that he has different subnets.

        @TS: why is your client DNS pointing to the external network instead of the DNS server installed (I assume) on the DC?
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: test lab - isa server, two nics, DC, routing to internet..

          Originally posted by Dumber View Post
          Errr if you watches his picture you'll see that he has different subnets.

          @TS: why is your client DNS pointing to the external network instead of the DNS server installed (I assume) on the DC?
          my error. I need to configure internal ip adress on dc and client for dns. but, how to configure isa for routing?

          Comment


          • #6
            Re: test lab - isa server, two nics, DC, routing to internet..

            You should configure NAT.
            If you have configured your internal network correctly ISA performs NAT automatically to external networks (object is called External)
            Just create an accessrule and you're done.

            But why aren't you using vmware?
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment

            Working...
            X