RE: [fw-wiz] installing ISA server behind PIX firewall

From: George J. Jahchan (Firewall-Wizards@Compucenter.org)
Date: 03/28/03

  • Next message: Bruce Platt: "RE: [fw-wiz] stop microsoft p2p" 
    From: "George J. Jahchan" <Firewall-Wizards@Compucenter.org>
To: "Firewall Wizards List" <firewall-wizards@honor.icsalabs.com>
Date: Fri, 28 Mar 2003 13:06:56 +0200

    You can use ISA two ways: as an http cache only (one NIC) or as an http
    cache + NAT/Firewall (two or more NICs, one LAN, one WAN + DMZ if
    applicable).

    As shown in the diagram, it has two NICs, one connecting to the LAN and
    another to the PIX. By setting up your browser to auto-detect proxy you
    will be able to browse. But to access winsock services through ISA, you
    need to install the firewall client (from a network share on the ISA
    Server) on every host that needs such access.

    -----Original Message-----
    From: firewall-wizards-admin@honor.icsalabs.com
    [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Serkan
    Basaran
    Sent: Tuesday, March 25, 2003 4:16 PM
    To: firewall-wizards@honor.icsalabs.com
    Subject: [fw-wiz] installing ISA server behind PIX firewall

    Hi,
    One of our customers wanted me to install ISA server behind PIX firewall
    to
    use as proxy.

    INTERNET ---- PIX ---- ISA ----- LAN

    How can I configure the IP forwarding on ISA without changing anything
    in
    the hosts computers?

    _________________________________________________________________
    The new MSN 8: advanced junk mail protection and 2 months FREE*
    http://join.msn.com/?page=features/junkmail

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Bruce Platt: "RE: [fw-wiz] stop microsoft p2p"

    Relevant Pages

    • Re: Server with 3 NICs
      ... The way it should be done is to not use the ISA, the ISA is not a LAN ... router, it is not a router at all, and shouldn't be used as one. ... > two nics doing the ...
      (microsoft.public.isa)
    • Re: Setup Question about Standard (no ISA) Edition
      ... Without ISA, you won't be using a proxy port for internet access from the ... Without ISA, *any* box can be connected to the lan, receive an IP, and go ... Without ISA, but with two nics, you'll get basic firewall capabilities via ...
      (microsoft.public.windows.server.sbs)
    • Re: SBS 1002 Premium R2 Mangling Port Issues
      ... I will leave ISA out of the equation in that case. ... NIC or 2 NICs) did you finally end up with? ... the WAN NIC so there's only one NIC in the SBS (and then re-run CEICW ... port forward 8016 to the "external" SBS NIC IP ...
      (microsoft.public.windows.server.sbs)
    • Re: Cannot connect through ISA Server to www.microsoft.com, but can connect via IP address
      ... NICs at GB speed. ... So what happens when the server and the workstations are on the same ... Les Connor [SBS MVP] ... PMTU that ISA Server installation disabled. ...
      (microsoft.public.windows.server.sbs)
    • Re: SBS 1002 Premium R2 Mangling Port Issues
      ... If you have a decent hardware firewall/router now, ISA ... NIC or 2 NICs) did you finally end up with? ... the WAN NIC so there's only one NIC in the SBS (and then re-run CEICW ... port forward 8016 to the "external" SBS NIC IP ...
      (microsoft.public.windows.server.sbs)