ISA Server Support for Multiple Networks
ISA Server 2004 uses networks to define blocks of IP addresses that may be directly attached to the ISA Server computer or IP addresses that may be remote networks. ISA Server uses these networks as components when you create access rules. ISA Server supports an unlimited number of networks.
What Is Multinetworking?
Multinetworking means that you can configure multiple networks on ISA Server, and then configure network and access rules that inspect and filter all network traffic between all networks. Multinetworking enables flexible options for network configuration. One common network configuration is a three-legged firewall.
In this configuration, you create three networks:
1- The servers that are accessible from the Internet are usually isolated on their own network, such as a perimeter network.
2- The internal client computers and servers that are not accessible from the Internet are located on an internal network.
3- The third network is the Internet.
ISA Server multinetworking functionality supports this configuration. You can configure how clients on the corporate network access the perimeter network, and how external clients access the perimeter network. You can also define access rules for all
network traffic flowing from the Internal network to the Internet. You can also configure the relationships between the various networks, defining different network rules between each network.
You might also need to configure a more complicated network environment. In this scenario, you could have the following:
1- Two perimeter networks Perhaps you are deploying some servers that are domain members and other servers that are stand-alone servers. The domain members need to be able to communicate with domain controllers that are located on your internal network. In this scenario, you could configure a second perimeter network for the servers that need to be members of the domain.
2- Two internal networks You might have a group of client computers that needs to access the Internet using a different application or with security rules different from the other client computers. You can create an additional internal network and configure specific Internet access rules for each network.
3- VPN client and VPN remote-site networks ISA Server defines a network for VPN clients, and you can define a network for each remote site connected with a site-to-site VPN connection.
How to Create and Modify Network Objects
For a small organization with a fairly simple network, the default network objects may provide all the configuration options required. However, in a larger organization with a more complex network environment and more complicated requirements, you may need to create and modify the network objects.
To create a new network object, use the following procedure:
1. In the Microsoft ISA Server Management Console tree, expand the Configuration node and click Networks.
2. In the Details pane, click the Network tab.
3. On the Tasks tab, click Create a New Network.
4. On the Welcome to the New Network Wizard page, in the Network Name: box,type the name for the network. Click Next.
5. On the Network Type page, select the type of network
you are creating. Select one of the following options:
. External Network
. Internal Network
. Perimeter Network
. VPN Site-To-Site Network
6. After selecting the network type, click Next.
7. If you selected an internal, perimeter, or external network type, on the Network Addresses page, click Add.
8. In the IP Address Range Properties page, type the starting and ending addresses,and then click OK.
9. On the Completing The New Network Wizard page, review the settings and then click Finish.
To modify a network, click the network in ISA Server Management Console and then click Edit Selected Network.
Multinetworking means that you can configure multiple networks on ISA Server, and then configure network and access rules that inspect and filter all network traffic between all networks. Multinetworking enables flexible options for network configuration. One common network configuration is a three-legged firewall.
In this configuration, you create three networks:
1- The servers that are accessible from the Internet are usually isolated on their own network, such as a perimeter network.
2- The internal client computers and servers that are not accessible from the Internet are located on an internal network.
3- The third network is the Internet.
ISA Server multinetworking functionality supports this configuration. You can configure how clients on the corporate network access the perimeter network, and how external clients access the perimeter network. You can also define access rules for all
network traffic flowing from the Internal network to the Internet. You can also configure the relationships between the various networks, defining different network rules between each network.
You might also need to configure a more complicated network environment. In this scenario, you could have the following:
1- Two perimeter networks Perhaps you are deploying some servers that are domain members and other servers that are stand-alone servers. The domain members need to be able to communicate with domain controllers that are located on your internal network. In this scenario, you could configure a second perimeter network for the servers that need to be members of the domain.
2- Two internal networks You might have a group of client computers that needs to access the Internet using a different application or with security rules different from the other client computers. You can create an additional internal network and configure specific Internet access rules for each network.
3- VPN client and VPN remote-site networks ISA Server defines a network for VPN clients, and you can define a network for each remote site connected with a site-to-site VPN connection.
How to Create and Modify Network Objects
For a small organization with a fairly simple network, the default network objects may provide all the configuration options required. However, in a larger organization with a more complex network environment and more complicated requirements, you may need to create and modify the network objects.
To create a new network object, use the following procedure:
1. In the Microsoft ISA Server Management Console tree, expand the Configuration node and click Networks.
2. In the Details pane, click the Network tab.
3. On the Tasks tab, click Create a New Network.
4. On the Welcome to the New Network Wizard page, in the Network Name: box,type the name for the network. Click Next.
5. On the Network Type page, select the type of network
you are creating. Select one of the following options:
. External Network
. Internal Network
. Perimeter Network
. VPN Site-To-Site Network
6. After selecting the network type, click Next.
7. If you selected an internal, perimeter, or external network type, on the Network Addresses page, click Add.
8. In the IP Address Range Properties page, type the starting and ending addresses,and then click OK.
9. On the Completing The New Network Wizard page, review the settings and then click Finish.
To modify a network, click the network in ISA Server Management Console and then click Edit Selected Network.