ISA Server 2004 external interaface question

[Guest]

Archived from groups: comp.security.firewalls (More info?)

Guys,

Need some advice. I am setting up an ISA Server in a department. The
organisation already has an upstream squid Proxy.

All our current traffic is routed through the squid.

We would like to setup an additional proxy running ISA 2004 for our
department.

What is the best setup?
How does the external interface know where to send all internal traffic to?

Obviously with this setup I plan to use two intefaces, one for the external
and other for the internal interface. I am not sure whether to use firewall
clients or NAT clients. Does the physical network cabling path need to be
for any of these methods, for example to ensure all traffic goes through
ISA, or can this be done through access control lists in the router?


Thank You for all your help.

 

[Mike]

Archived from groups: comp.security.firewalls (More info?)

"Billy K" <private@hotmail.com> wrote in message
news:40bdc88b@news.comindico.com.au...
> Guys,
>
> Need some advice. I am setting up an ISA Server in a department. The
> organisation already has an upstream squid Proxy.
>
> All our current traffic is routed through the squid.
>
> We would like to setup an additional proxy running ISA 2004 for our
> department.

Why?

> What is the best setup?
> How does the external interface know where to send all internal traffic
to?

By the gateway address.


> Obviously with this setup I plan to use two intefaces, one for the
external
> and other for the internal interface. I am not sure whether to use
firewall
> clients or NAT clients. Does the physical network cabling path need to be
> for any of these methods, for example to ensure all traffic goes through
> ISA, or can this be done through access control lists in the router?

I'm sorry but I haven't got the faintest idea of where you are coming from!

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

What kind of policy would direct traffic to the default gateway?





"Mike" <nospam@notherematey.com> wrote in message
news:c9kit2$cds$1@thorium.cix.co.uk...
>
> "Billy K" <private@hotmail.com> wrote in message
> news:40bdc88b@news.comindico.com.au...
> > Guys,
> >
> > Need some advice. I am setting up an ISA Server in a department. The
> > organisation already has an upstream squid Proxy.
> >
> > All our current traffic is routed through the squid.
> >
> > We would like to setup an additional proxy running ISA 2004 for our
> > department.
>
> Why?
>
> > What is the best setup?
> > How does the external interface know where to send all internal traffic
> to?
>
> By the gateway address.
>
>
> > Obviously with this setup I plan to use two intefaces, one for the
> external
> > and other for the internal interface. I am not sure whether to use
> firewall
> > clients or NAT clients. Does the physical network cabling path need to
be
> > for any of these methods, for example to ensure all traffic goes through
> > ISA, or can this be done through access control lists in the router?
>
> I'm sorry but I haven't got the faintest idea of where you are coming
from!
>
>

 

[Mike]

Archived from groups: comp.security.firewalls (More info?)

"Billy K" <private@hotmail.com> wrote in message
news:40bdcf79@news.comindico.com.au...
> What kind of policy would direct traffic to the default gateway?

No offence, but you need to go and read a book about TCP/IP networking.
Policies have nothing to do with this (ish). Its basic networking 101. If
you don't understand the basics you have no chance of getting ISA server
working the way you want.

And after that read another one about top posting in newsgroups

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

I understand default gateways and TCP/IP well, although I do not claim to be
an expert. In my initial post I informed that I am at a department level of
a large organisation. The default gateway for my network and all machines
in my network is our local router port.

However this is not the default gateway or last hop for the entire
organisation, and I doubt I set this IP address as my default gateway. I am
in a different subnet. All machines are also configured to use the upstream
proxy, which I am not trying to bypass.

Can someone clarify this for me?




"Mike" <nospam@notherematey.com> wrote in message
news:c9ko3i$f0k$1@thorium.cix.co.uk...
>
> "Billy K" <private@hotmail.com> wrote in message
> news:40bdcf79@news.comindico.com.au...
> > What kind of policy would direct traffic to the default gateway?
>
> No offence, but you need to go and read a book about TCP/IP networking.
> Policies have nothing to do with this (ish). Its basic networking 101. If
> you don't understand the basics you have no chance of getting ISA server
> working the way you want.
>
> And after that read another one about top posting in newsgroups
>
>

 

[Mike]

Archived from groups: comp.security.firewalls (More info?)

"Billy K" <private@hotmail.com> wrote in message
news:40bef9a0@news.comindico.com.au...
> I understand default gateways and TCP/IP well, although I do not claim to
be
> an expert. In my initial post I informed that I am at a department level
of
> a large organisation. The default gateway for my network and all machines
> in my network is our local router port.
>
> However this is not the default gateway or last hop for the entire
> organisation, and I doubt I set this IP address as my default gateway. I
am
> in a different subnet. All machines are also configured to use the
upstream
> proxy, which I am not trying to bypass.
>
> Can someone clarify this for me?
>
>
>
>
> "Mike" <nospam@notherematey.com> wrote in message
> news:c9ko3i$f0k$1@thorium.cix.co.uk...
> >
> > "Billy K" <private@hotmail.com> wrote in message
> > news:40bdcf79@news.comindico.com.au...
> > > What kind of policy would direct traffic to the default gateway?
> >
> > No offence, but you need to go and read a book about TCP/IP networking.
> > Policies have nothing to do with this (ish). Its basic networking 101.
If
> > you don't understand the basics you have no chance of getting ISA server
> > working the way you want.
> >
> > And after that read another one about top posting in newsgroups

You didn't read the book about top posting did you?

Your default gateway will be your router.