Question : Configure ISA 2004 as Backend Firewall
Hello, actually I want to confirm my information and get new information if I missed something:
The environment contains ISA Server 2004 (Workgroup) and 2 AD, 2 Exchange 2003 (BE and FE), LCA, MOM, and SMS. The external DNS is located in the DMZ zone. The ISA is connected directly to the Internet.
They need to add a new Cisco firewall in front, and ISA will be in the backend.
I think firstly I need to open all outbound traffic on the external firewall and open the necessary ports for incoming requests from outside to ISA through the Cisco firewall.
Now my questions:
For ISA publish rules, I think that I need to add IPs in the external network for SMTP, DNS, FTP, etc., then edit the external IP on the publish rule. I also need to inform the Cisco engineer to redirect the SMTP traffic, for example, to the IP that I assigned on the external ISA; is that correct?
I need more details about what I should ask the network engineer to open on ISA.
Is it necessary to join ISA to the domain?
I need to configure VPN: I'll open the necessary ports on the Cisco FW and configure VPN on ISA.
I'm looking for confirmation and advice to continue the configuration.
Answer : Configure ISA 2004 as Backend Firewall
Dear All, unfortunately I didn't find anyone in Expert-Exchange who can confirm my request. I just need to inform you that I already found the answer and I need to share it; I think it will be useful for others:
Actually, I need to inform the network engineer to configure the following:
| Port Name | Port Number | Direction | From             | To         |
| SMTP      | 25          | Inbound   | 212.77.209.xxs   | 10.0.0.3   |
| SMTP      | 25          | Outbound  | 10.0.0.3         | All        |
| TCP/UDP   | 53          | Inbound   | 212.77.209.xxd   | 10.0.0.2   |
| TCP/UDP   | 53          | Outbound  | 10.0.0.2         | All        |
| SMTP      | 25          | Inbound   | 10.0.0.2         | 172.16.1.2 |
| SMTP      | 25          | Outbound  | All External-ISA | 10.0.0.2   |
| TCP/UDP   | 53          | Outbound  | All External-ISA | 10.0.0.2   |
| HTTPS     | 443         | Inbound   | 212.77.209.xxw   | 172.16.1.3 |
| VPN       | 1723        | Inbound   | 212.77.209.xxv   | 172.16.1.4 |
| Any       | Any         | Outbound  | All External-ISA | All        |
Where the IPs are:
212.77.209.xxs = Public IP for SMTP
212.77.209.xxd = Public IP for DNS
212.77.209.xxw = Public IP for OWA
212.77.209.xxv = Public IP for VPN
172.16.1.2 = ISA External IP for SMTP
172.16.1.3 = ISA External IP for OWA
172.16.1.4 = ISA External IP for VPN
10.0.0.3 = First SMTP GW
10.0.0.2 = DNS and 2nd SMTP GW
If the internal DNS forwards to the service provider, we have to create an access rule from Internal to External for port 53.
On the ISA Server we need to configure the following:
1- Change all IP publish rules in ISA to select all IPs in External.
2- Remove the public IPs on the ISA server and configure the new IPs.
3- Go back to the publish rules to specify the new IPs.
4- Change SMTP/DNS Server SMTP Remote domain to 172.16.1.2 and change the relay to accept all mail from all ISA IPs.
If the VPN will be configured on the ASA firewall, we have to create a publish rule to specify to which server we need to allow VPN. If the customer needs to configure VPN to access all of the internal network, then in this case we have to configure VPN on the ISA Server and configure the firewall to allow VPN requests to ISA.
Regards
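
An added example, not part of the original post: a Python audit of the rule matrix in the answer above. It transcribes the table (public addresses stay as the page's masked placeholders), checks that every inbound forward lands on a host named in the legend, and flags entries a reviewer would question before handing the list to the network engineer. The tuple layout and the `audit` function are assumptions made for this illustration.

```python
# Added example: audit of the forwarding matrix from the answer above.
# Public addresses are the page's masked placeholders, kept as labels.
LEGEND = {  # address -> role, taken from the answer's legend
    "172.16.1.2": "ISA external IP for SMTP",
    "172.16.1.3": "ISA external IP for OWA",
    "172.16.1.4": "ISA external IP for VPN",
    "10.0.0.3": "First SMTP GW",
    "10.0.0.2": "DNS and 2nd SMTP GW",
}
# (name, port, direction, from, to), transcribed from the table
RULES = [
    ("SMTP", "25", "Inbound", "212.77.209.xxs", "10.0.0.3"),
    ("SMTP", "25", "Outbound", "10.0.0.3", "All"),
    ("TCP/UDP", "53", "Inbound", "212.77.209.xxd", "10.0.0.2"),
    ("TCP/UDP", "53", "Outbound", "10.0.0.2", "All"),
    ("SMTP", "25", "Inbound", "10.0.0.2", "172.16.1.2"),
    ("SMTP", "25", "Outbound", "All External-ISA", "10.0.0.2"),
    ("TCP/UDP", "53", "Outbound", "All External-ISA", "10.0.0.2"),
    ("HTTPS", "443", "Inbound", "212.77.209.xxw", "172.16.1.3"),
    ("VPN", "1723", "Inbound", "212.77.209.xxv", "172.16.1.4"),
    ("Any", "Any", "Outbound", "All External-ISA", "All"),
]

def audit(rules, legend):
    """Return a sorted list of (severity, message) findings."""
    findings = []
    exposed = {}  # inbound target -> set of ports forwarded to it
    for name, port, direction, src, dst in rules:
        if direction == "Inbound":
            exposed.setdefault(dst, set()).add(port)
            if dst not in legend:
                findings.append(("error", f"{name}/{port} forwards to undocumented host {dst}"))
        if port == "Any" and dst == "All":
            findings.append(("warn", f"unrestricted egress from {src}"))
    for host, ports in exposed.items():
        if len(ports) > 1:
            findings.append(("warn", f"{host} receives several inbound ports: {sorted(ports)}"))
    # PPTP uses TCP 1723 for control and GRE (IP protocol 47) for tunnel data
    has_pptp = any(p == "1723" for _, p, d, _, _ in rules if d == "Inbound")
    has_gre = any(n.upper() == "GRE" for n, *_ in rules)
    if has_pptp and not has_gre:
        findings.append(("warn", "TCP 1723 forwarded but no GRE (IP protocol 47) rule listed"))
    return sorted(findings)

if __name__ == "__main__":
    for severity, msg in audit(RULES, LEGEND):
        print(f"{severity:5} {msg}")
```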