In the lab I have an ISA Server that needs to have
the IP addressing information confi gured based on the information in Table 11.2.
other fi rewall technologies support deployments with a single NIC, this means
that the fi rewall will need to be attached to a switch or router, and you are
relying on this surrounding infrastructure to pass packets to ISA Server for
inspection before they are allowed to go to other hosts. Although this should
work, it can be circumvented, and this is why it is considered almost mandatory
to use an inline deployment scenario.
By extension, this means that your ISA Server will need to have at least
two NICs??”one for the Wide Area Network (WAN) interface and the other for
the Local Area Network (LAN) interface. For higher availability it is a good idea
to place redundant NICs into the server.
Table 11.2 Overview of TCP/IP Information
External IP Address 192.168.1.72
Internal IP Address 10.0.1.1
Primary DNS Address 10.0.1.5
Secondary DNS Address 192.168.1.1
Upstream Router Address 192.168.1.1
In order to implement these settings properly on the external NIC, I would use
the settings shown in Figure 11.1.
In order to implement these settings properly on the internal NIC, I would use
the settings shown in Figure 11.2.
384 Chapter 11 ??? Confi guring Microsoft Internet Security and Acceleration Server 2006
Figure 11.1 TCP/IP Confi guration for External NIC
Figure 11.
Pages:
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380