Configuring company's network infrastructure.

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi everyone,

It's been a while since i've posted a something here. Hope everyone's OK !

OK, so I've got some question regarding configuring mail and web server for my company and, of course, ISA server. I'm not sure about some part's of the configuration so I need you help !

Well anyway, this is my first configuration of this kind so be reasonable.

I will have mail and web server and ISA server will serve as firewall and DMZ zone for those two server's.

Here's the picture of my infrastructure:



So, I got three network card's on ISA server. One for internal network, one for external and one for DMZ. I have configured internal and DMZ cards withouth default gateway (hope that's OK ?) and external card must be configured with public IP adress, that i got from my ISP, and default gateway. But, what default gateway must be set ? If i put default gateway that i have for my network, 192.168.0.2, it says that it's not on the same subnet ?

Now, as you see, my ISA server will be behind router that i got from my ISP. I don't know how to configure that router now ?

Is there anything else i must be carefull about with this kind of configuration ?


Thank's for your answers ! ;)

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

we have an IP configured on our router that is in the same subnet and use that.

 

Thank's for your answer. ;)

So basically, i have to set exact same configuration on external network card as is on router ?

 

And one more question. Can I run ISA server on virtual machine or it has to be on "live machine" ?

 

You can run it on a virtual server. Just make sure you throw enough power at it.

 

Thank's !

I bit confused about network cards also. I know that this is gonna sound funny but where do I plug network cables ? I mean, for internal card i plug into switch, for external into router and for DMZ ? Is this how it's gonna or ?

Sorry about stupid questions !

 

Yes you can as has already been answered. I would say RAM is more important than CPU power though as it will be a more limiting factor if you are running several machines at once. I am currently testing an ISA Server 2006 in a virtual lab to try and implement a new filtering system in our live environment. It's been a very useful tool for trying out different changes etc.. It's only 3-4 machines running at any one time which is probably the practical limit on my laptop anyway (2Ghz C2D and 2GB Ram).

 

Thank's for your answers.

1 more question. I dont have 3 ethernet card's in my server that will run ISA so the question is, can i setup my virtual machine to use one card ?

Like this:

 

If memory serves me correctly you can use one physical network card with one of the "virtual network cards", this is a bridged connection.

Looks like its time to install 2 physical nics.

These links may help explain better

http://communities.vmware.com/message/559019

http://books.google.co.uk/books?id=...g=JABRFtkVKtrLj0MxKCNDJeurykc&hl=en#PPA145,M1

 

Thank's kevicho !

Now, I have configured everything but i'm having problems with ISA..

I have applied rule for sending mail to mail server, that is in DMZ, but i'm getting this error:

"Description: Server publishing rule [my rule] failed because there was no valid network listener. For requests to reach the published server there must be a network relationship between the selected listener networks and the published server. Location 325.934.4.0.2167.887.
For more information about this event, see ISA Server Help.
The failure is due to error: 0x8007000d"

I have created DMZ network and created network rule that says "Source Network - DMZ to Destination Network - External and Network Relationship - NAT".

I dont know what i'm doing wrong ?