Firewalls, PIX, ASA, VPN, Access Control List, User Authentication, Data Encryption and Best Practices.
1 post • Page 1 of 1
Hello Dears, I m confuse always regarding the simple question but i want to confirm?? Please find the attached diagram: If my ISA server has 2 NIC cards,internal and External,external NIC has a public IP and is connecting to Internet Router,and internal is connecting to LAN Switch do i have to do Natting overload on the internet router for internal users ??????????????? the Internet router has default route to the ISP router, I think NO i don have to do natting because ISA is doing a routing between the 2 NICs, correct me if i m wrong.??? 2nd Scenario, If i keep my ISA ONLY with Internal LAN IP Subnet no external NIC and if i do a natting overload on internet router for users accessing internet would users will be able to go on the internet??????? The users should go on the internet,correct me if i m wrong.??? I would have tried this but production will affect,so i want to confirm from yourll. Thanks, Message was edited by: adamgibs7
If your ISA server has 2 NICs (external and internal), you would need to perform NAT on the ISA server so traffic going through the ISA server will be PATed to the external ip address of the ISA server before being routed towards the internet router. In this case, your internet router does not need to perform NAT/PAT. Connection between the ISA server external interface and the internet router will be the public subnet range. If you only have 1 NIC on your ISA server, ie: internal subnet, then internet router needs to be configured to perform the NAT/PAT. In this case, the connection between the ISA server internal interface and the internet router will be the private/internal subnet range. Hope that helps.
Thanks halijenn, In 1st Scenario, The ISA server is acting as Proxy server (users configuring ISA IP address in thier browser) and as well as a Firewall facing the internet,correct me if i m wrong??? In 2nd Scenario, Means when users configure the proxy server (ISA Server) Ip Address in their browser.The ISA server is acting as a proxy server for the Internet ONLY with no firewall security. OR its optional also we can configure as a proxy server and firewall security features when the ISA is in inside LAN too. Thanks