| Author |
Message |
Mohan
Guest
|
 Posted:
Thu Oct 27, 2005 12:50 pm Post subject:
Nat on RRAS with ISA 2004 |
|
|
Hi,
we want to deploy ISA server in our organization. we have 5 static public ip
address to map to 5 private address its working fine with our current router
with firewall. But, in that firewall we cannot control internet access to
users and etc. so, we want's to deploy the isa server. but, we understand in
isa server cannot do mulitiple nat it can be one-to-one only. Can I install
RRAS and ISA 2004 same box? If possible. can we use RRAS NAT to configure
multiple nat address and configure ISA 2004 on same box is ok?
Any suggestions please....!!!!
Thanks |
|
| Back to top |
|
 |
Phillip Windell
Guest
|
| Posted:
Thu Oct 27, 2005 8:50 pm Post subject:
Re: Nat on RRAS with ISA 2004 |
|
|
"Mohan" <Mohan@discussions.microsoft.com> wrote in message
news:79B844E2-21E9-4458-8F74-3EDA428C0623@microsoft.com...
| Quote: | we want to deploy ISA server in our organization. we have 5 static public
ip
address to map to 5 private address its working fine with our current
router
with firewall.
|
That is a very bad thing to do in the first place. You might as well have
hose 5 machines sitting "but naked" out on the Internet to begin with,...it
is the same thing. Your firewall is doing absolutley nothing to protect
you,...in fact, it is doing just the opposite,...it is exposing you.
| Quote: | But, in that firewall we cannot control internet access to
users and etc. so, we want's to deploy the isa server.
|
Sounds good.
| Quote: | but, we understand in isa server cannot do mulitiple nat it can be
one-to-one only. |
Correct,...ISA is primarily a "proxy" server not a NAT Server. NAT and
proxying are two different technologies.
| Quote: | Can I install RRAS and ISA 2004 same box?
|
Yes. ISA uses RRAS and the "engine" for the VPN abilities and I believe it
effects the SecureNAT Services of ISA.
| Quote: | If possible. can we use RRAS NAT to configure multiple nat address and
configure ISA
2004 on same box is ok?
|
No, you cannot. And ISA is the "boss" over RRAS and RRAS should not be
configured separately from ISA. ISA configures RRAS "behind the scenes" for
its own purposes (particularly VPN stuff). Any independent configuring of
RRAS should only be done when you know exactly what you are doing with it,
and "why", and "how" it might adversly effect other things.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
----------------------------------------------------- |
|
| Back to top |
|
|
Mohan
Guest
|
| Posted:
Fri Oct 28, 2005 12:50 am Post subject:
Re: Nat on RRAS with ISA 2004 |
|
|
Philip,
First of all Thank you very much for your kind advice.
Is it any way to configure Multiple NAT on ISA 2004 box or any other
Recommendations.
Thanks.
"Phillip Windell" wrote:
| Quote: | "Mohan" <Mohan@discussions.microsoft.com> wrote in message
news:79B844E2-21E9-4458-8F74-3EDA428C0623@microsoft.com...
we want to deploy ISA server in our organization. we have 5 static public
ip
address to map to 5 private address its working fine with our current
router
with firewall.
That is a very bad thing to do in the first place. You might as well have
hose 5 machines sitting "but naked" out on the Internet to begin with,...it
is the same thing. Your firewall is doing absolutley nothing to protect
you,...in fact, it is doing just the opposite,...it is exposing you.
But, in that firewall we cannot control internet access to
users and etc. so, we want's to deploy the isa server.
Sounds good.
but, we understand in isa server cannot do mulitiple nat it can be
one-to-one only.
Correct,...ISA is primarily a "proxy" server not a NAT Server. NAT and
proxying are two different technologies.
Can I install RRAS and ISA 2004 same box?
Yes. ISA uses RRAS and the "engine" for the VPN abilities and I believe it
effects the SecureNAT Services of ISA.
If possible. can we use RRAS NAT to configure multiple nat address and
configure ISA
2004 on same box is ok?
No, you cannot. And ISA is the "boss" over RRAS and RRAS should not be
configured separately from ISA. ISA configures RRAS "behind the scenes" for
its own purposes (particularly VPN stuff). Any independent configuring of
RRAS should only be done when you know exactly what you are doing with it,
and "why", and "how" it might adversly effect other things.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------
|
|
|
| Back to top |
|
|
Phillip Windell
Guest
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in