ISA Internal Gateway

Discussion in 'Computer Security' started by Nelix, Dec 2, 2004.

  1. Nelix
    Honorary Member

    Nelix Gigabyte Poster

    Hi Guys, first post for quite a while.

    We currently run ISA server at work installed in cached mode, anyone on our LAN can connect to the internet through it, however we want to be able to allow users in our regional offices (connected over a WAN) to connect through it.

    Now I know we have a default gateway pointing to our ADSL line on the External NIC, but we can't put the default gateway of the WAN on the Internal NIC to allow this to work; well, we can, but it only works for an hour or so. I think we will have to install RAS and set up routing to get what we want. Is this correct? If not, how do we do it?
    Certifications: A+, 70-210, 70-290, 70-291, 74-409, 70-410, 70-411, 70-337, 70-347
    WIP: 70-346
  2. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    Hi Nelix,

    In theory, as you are only using ISA in caching mode, you can only have web proxy clients. Web proxy clients are configured by either manually configuring their browsers with the port (8080) and IP address of the ISA server or by autoconfiguration using a WPAD entry in either DHCP (can have issues) or preferably DNS. I think this may work for you and save you some time? The necessity of a default gateway pointing to the ISA server is only for SecureNAT clients. Web proxy clients should be able to use the ISA server's caching facility as long as it is contactable on the network, i.e. that any routers contain the needed persistent routes to and from the ISA server.

    Hope it helps a tad,

    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
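
Added example, not part of the post above and not Microsoft's or the poster's own configuration: a proxy auto-config (PAC) script of the kind a WPAD entry would point web proxy clients at. Port 8080 is from the post; the proxy address and both subnets are constructed placeholders, and the script carries its own subnet check instead of the browser's built-in `isInNet` so it also runs outside a browser.

```javascript
// Constructed values: replace with the ISA internal NIC and your real subnets.
var PROXY = "PROXY 192.168.1.10:8080"; // no "; DIRECT" fallback: fail closed if the proxy is down
var INTERNAL_NETS = [
  ["192.168.1.0", 24], // head office LAN (assumed)
  ["10.20.0.0", 16]    // regional offices over the WAN (assumed)
];

// Convert a dotted-quad string to a number, or null if it is not a valid IPv4 literal.
function ipToInt(ip) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = Number(m[i]);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when ip falls inside net/bits. Uses division, not bit shifts,
// to avoid JavaScript's signed 32-bit integer behaviour.
function inSubnet(ip, net, bits) {
  var a = ipToInt(ip), b = ipToInt(net);
  if (a === null || b === null) return false;
  var size = Math.pow(2, 32 - bits);
  return Math.floor(a / size) === Math.floor(b / size);
}

// Plain (dotless) names and addresses on the listed subnets stay off the proxy.
function isInternal(host) {
  if (host.indexOf(".") === -1) return true;
  for (var i = 0; i < INTERNAL_NETS.length; i++) {
    if (inSubnet(host, INTERNAL_NETS[i][0], INTERNAL_NETS[i][1])) return true;
  }
  return false;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  return isInternal(host) ? "DIRECT" : PROXY;
}
```

Regional clients using this script only need a route to the proxy's internal address, not a default gateway pointing at the ISA server.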
  3. Taz69

    Taz69 Byte Poster

    Can you give an outline of how things are set up, especially how the remote offices connect to your site, i.e. VPN, dedicated WAN links, NAT, etc., as it does sound like a routing issue.

    You should only have a default gateway on the external interface of your ISA and clients then point either directly (or via routing) to the internal interface.

    I expect Pete will be the man to ask, but if you give an idea how things are set up I'll see if I can pitch in :D
    Certifications: MCSE: S, MCSA:M, MCSA: S, Net+ & 70-284
    WIP: MCSA 2003 & MCSA:Messaging 2003
