
NICs

Status: Not open for further replies.

manoa115 (IS-IT--Management), Mar 7, 2007, US
I am trying to set up a back-to-back ISA 2004 firewall. The edge firewall will be the front-end ISA 2004 and the internal firewall will be a back-end ISA 2004.
Internet-->Frontend ISA-->DMZ(Frontend E2K3)-->Backend ISA-->LAN. The goal is to have an authenticated-access DMZ security perimeter between the frontend and backend ISA, with the Exchange 2003 FE sitting in this DMZ. The DMZ will be configured for intradomain communication between the DMZ and our LAN. I have two NICs (internal and external) on each of the ISAs. I need to know how to configure the NICs and which relationship (NAT or Route) each NIC needs to be configured with for this solution. My Frontend ISA external NIC has a public IP (216.x.x.x/24) and the ISP router as its DGW. Do I need to put the ISP DNS on this NIC? How should I configure the internal NIC on the Frontend ISA if the DMZ IP scheme is 192.x.x.x/24? As for the backend ISA, the external NIC is configured with 192.x.x.x/24, but what is the DGW for the DMZ security zone? My internal NIC for the backend ISA is 10.x.x.x/24.
 
Hi,

First of all, we (MS) do not recommend putting the Exchange 2003 FE server in a DMZ that is separated by a FW, because the Exchange 2003 FE should be a member of the AD domain, and thus your BE FW will be like Swiss cheese and will not really be a FW.
Put your Exch FE in the LAN.
If you're going to implement this FW FE-BE scenario, I would recommend having the Int/Ext NICs relationship set to NAT, not Route. This will provide a more secure environment.

Second, check only IP Protocol for all NICs on both FWs. No other services are needed (such as MS Net Client and File/Print Sharing).

Regarding DNS: a lot of options are available here. The first question I'd like to ask is how you see your local clients resolving DNS names to IP addresses. How will this change after you implement the ISA hierarchy?

Also, do not forget about ISA high availability: if you have 1 FE and 1 BE, either can fail, and then the entire set of services will be unavailable for ext/int users. If you need HA, use ISA EE.



Victor(MCS)
MCSA/MCSE:Security & Messaging;CNE;CCSE+;CIWSP;CIWSA;Network+;Security+;CCNA;nCSE;CISSP
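As an added example, not part of this thread or of any Microsoft tooling, a small Python check that encodes the NIC rules for the layout in the question: Victor's NAT-not-Route and TCP/IP-only advice, plus the standard ISA Server practice of a single default gateway set only on the external NIC, which is also what settles the DMZ gateway question (the back-end ISA's external NIC points at the front-end ISA's DMZ-facing address). The class names, host labels and all addresses are assumptions and constructed sample values.

```python
"""Check NIC settings for the back-to-back ISA 2004 layout in the question
(Internet -> front-end ISA -> DMZ -> back-end ISA -> LAN). Rules: one default
gateway per host, on the external NIC only; back-end gateway = front-end DMZ
address; only TCP/IP bound; NAT not Route. Sample addresses are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_interface

@dataclass
class Nic:
    role: str                  # "external" or "internal"
    addr: str                  # CIDR, e.g. "192.0.2.1/24"
    gateway: str = ""          # default gateway; empty means none
    bindings: tuple = ("TCP/IP",)
@dataclass
class IsaHost:
    label: str
    nics: list                 # two Nic objects
    relationship: str          # "NAT" or "Route" between its two networks

def check_host(host):
    """Findings for one ISA host; an empty list means it passes."""
    findings = []
    with_gw = [n for n in host.nics if n.gateway]
    if len(with_gw) != 1 or with_gw[0].role != "external":
        findings.append(f"{host.label}: exactly one default gateway, on the external NIC")
    for n in host.nics:
        if n.gateway and ip_address(n.gateway) not in ip_interface(n.addr).network:
            findings.append(f"{host.label}/{n.role}: gateway {n.gateway} not on {n.addr}")
        if set(n.bindings) - {"TCP/IP"}:
            findings.append(f"{host.label}/{n.role}: bind only TCP/IP, found {sorted(n.bindings)}")
    if host.relationship != "NAT":
        findings.append(f"{host.label}: use NAT rather than {host.relationship}")
    return findings

def check_back_to_back(front, back):
    """Both hosts plus the DMZ hand-off: back-end's gateway is the front-end's DMZ NIC."""
    fe_dmz = ip_interface(next(n.addr for n in front.nics if n.role == "internal")).ip
    be_ext = next(n for n in back.nics if n.role == "external")
    findings = check_host(front) + check_host(back)
    if be_ext.gateway != str(fe_dmz):
        findings.append(f"{back.label}: DMZ default gateway should be {fe_dmz}")
    return findings

# Constructed sample: the front-end wrongly has a second gateway, extra bindings and Route.
FRONT_BAD = IsaHost("front-end ISA", [Nic("external", "198.51.100.10/24", "198.51.100.1"),
    Nic("internal", "192.0.2.1/24", "192.0.2.254", ("TCP/IP", "File and Printer Sharing"))], "Route")
BACK_OK = IsaHost("back-end ISA", [Nic("external", "192.0.2.2/24", "192.0.2.1"),
    Nic("internal", "10.0.0.1/24")], "NAT")
```

Running `check_back_to_back(FRONT_BAD, BACK_OK)` reports three findings against the front-end and none against the back-end, whose DMZ gateway is the front-end's 192.0.2.1.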