Download - How to Configure ISA Server 2006
-
8/13/2019 How to Configure ISA Server 2006
1/42
ISA SERVER 2006 August 7, 2010
1
Content
I. Introduction to ISA2006a. What is ISA............b. ISA2006 and Feature...c. Benefit of ISA2006..
II. Requirement to install ISA2006III. Install ISA2006IV. Configuration
a. Choosing template...b. Route..c. NAT...d. VPN...e. Firewall rulesf. Proxy..g. Bandwidth control...h. Backup Configuration file..
Introductiona. What is ISA Server?Microsoft Internet Security and
Acceleration Server (ISA Server)is described by Microsoft as an"integrated edge security gateway". Originating as Microsoft Proxy
Server, ISAis a Firewalling & Security product based on MicrosoftWindows primarily designed to securely publish web servers and
other server systems, provide Stateful, Application-LayerFirewalling, act as a VPN endpoint, and provide Internet Access for
client systems in a Business Networking environment.b.ISA2006 and Feature? ISA Server 2006was released on 17
October 2006.It was an updated version of ISA 2004, and retainedmost features. One criticism of all Microsoft ISA server versions todate is the lack of native support for a "fail-over" or secondary WANconnection.This would enable two (or more) separate network
interfaces, to be configured to two separate ISP, allowing leverageof multiple cheap ADSL connections and failover. It has the followingfeatures:
o Secure Remote Access to Internal Microsoft Servero Virtual Private Network (VPN)o Managemento Monitoring and Reporto Multi-Networkingo Advance Firewall Protectiono Authenticationo Server Publishingo Performance
c. Benefit of ISA2006?
-
8/13/2019 How to Configure ISA Server 2006
2/42
ISA SERVER 2006 August 7, 2010
2
o Easy to manage and controlo Export and Importo Real-time monitoring and logo Multi-layer firewallo Application layer filteringo Authenticationo Secure webo Cache ruleso Http compressiono Support LDAP authenticationo Delegation of Basic authenticationo Unique per network policieso etc.
Requirement to install ISA2006
a. A personal computer with a 733-megahertz (MHz) or fasterprocessor.
b. Microsoft Windows Server 2003 operating system with ServicePack 1 (SP1) or Microsoft Windows Server 2003 R2 operatingsystem.Note the following:
o You can not install ISA Server 2006 on 64-bit versions ofWindows Server 2003 operating systems.
o When ISA Server 2006 is installed as a domain member, ISAServer Standard Edition can be installed only in a WindowsServer 2003 or Windows Server 2000 domain.
c. 512 megabytes (MB) of memory.d. 150 MB of available hard disk space. This is exclusive of hard diskspace you want to use for caching.e. One network adapter that is compatible with the computer'soperating system, for communication with the internal network.f. An additional network adapter for each network connected to theISA Server computer.g. One local hard disk partition that is formatted with the NTFS filesystem.
-
8/13/2019 How to Configure ISA Server 2006
3/42
ISA SERVER 2006 August 7, 2010
3
Now my computer have three network card for use in my machineo One for connect to ISP ( Internet 172.16.1.0/21)o One for connect to LAN Mail Server (192.168.1.0/24 )o One more for connect to LAN Client range ( 10.10.10.0/8 )
Now we Insert the disk ISA 2006 to our CD-ROM then it appear thismessage for install choose Install ISA Server 2006
After that we click the Next to process next step of installation ISA
-
8/13/2019 How to Configure ISA Server 2006
4/42
ISA SERVER 2006 August 7, 2010
4
Then we click on I accept the terms in the license agreement to
support license of ISA Server Next to next step of installation ISA
And for this step we put the user name that control on our machinethat install ISA Server, name of Organization & Serial number tosupport license of ISA Server Next to next step for installation.
After that this is the function of ISA Server that we can choose touse in our company like Install ISA Server services for configureproxy or other services we can configure to use in company Next.
-
8/13/2019 How to Configure ISA Server 2006
5/42
ISA SERVER 2006 August 7, 2010
5
For this step we choose the path of the ISA server that we install onour machine Configuration Storage server Next continue.
And for this point we choose Create New ISA Server enterprise forthe install of new ISA Server in machine Next continue.
-
8/13/2019 How to Configure ISA Server 2006
6/42
ISA SERVER 2006 August 7, 2010
6
And for this message it appear to warning after we choose thecreate new ISA Server enterprise or we can change Next to
continue.
And for this point we choose the range of IP address for networkInternal to client Add to add range IP.
And this point we add the network card range of Internal IP addressof client address
OK.
-
8/13/2019 How to Configure ISA Server 2006
7/42
ISA SERVER 2006 August 7, 2010
7
After that we choose the network card of Internal range for clientOK
And this is the range of IP address that have assign on network cardwe can choose OK.
-
8/13/2019 How to Configure ISA Server 2006
8/42
ISA SERVER 2006 August 7, 2010
8
After we finished add IP address see like this in box Next continue
And this point is the option that firewall connection encryptionbetween client and server ISA
And these messages it show that in ISA server have more serviceslike (SNMP, FTP, NNTP, IIS, WWWPS, ICF, ICS, & IPNAT )
-
8/13/2019 How to Configure ISA Server 2006
9/42
ISA SERVER 2006 August 7, 2010
9
And this message we click to install TAB for process of installation
ISA
This is the process of install ISA
And this is the process of success installation one step ISA server
-
8/13/2019 How to Configure ISA Server 2006
10/42
ISA SERVER 2006 August 7, 2010
10
Now we have finished of installation ISA server Proxy choose tofinished TAB.
Now we to console ISA Server and my company have three LAN ofNetwork so I need to choose of the three Leg ISA Server.
Choose next to process of next Template leg network
-
8/13/2019 How to Configure ISA Server 2006
11/42
ISA SERVER 2006 August 7, 2010
11
Click next to process of Template leg ISA changing
And this point we choose the range of IP address Internal network (LAN client ) Next continue
And this point we choose the range of IP address perimeter network( LAN server ) Next continue
-
8/13/2019 How to Configure ISA Server 2006
12/42
ISA SERVER 2006 August 7, 2010
12
And for this point we choose the Firewall policy of the leg template
block all option default ISA Server it block all
This is the step of finished choose three leg network finished
-
8/13/2019 How to Configure ISA Server 2006
13/42
ISA SERVER 2006 August 7, 2010
13
After that we choose to apply on console ISA server to apply Rulethat we create for LAN network
Click to Ok for support the apply leg ISA Server
Now if we want to route from LAN to ISP must create rule to applyto Networks Create a network Rule.
-
8/13/2019 How to Configure ISA Server 2006
14/42
ISA SERVER 2006 August 7, 2010
14
This is we put the name of network rule that to remember for apply
We choose the network traffic source add for select the sourcenetwork.
-
8/13/2019 How to Configure ISA Server 2006
15/42
ISA SERVER 2006 August 7, 2010
15
Now we select he network source in our LAN ( Internal or client ) Add
And after we add see like this in box network traffic source Nextcontinue step.
-
8/13/2019 How to Configure ISA Server 2006
16/42
ISA SERVER 2006 August 7, 2010
16
Now we choose the Network traffic Destination add for select thenetwork card that we want.
And for my destination that I create for LAN serve so I must selectthe perimeter Add
-
8/13/2019 How to Configure ISA Server 2006
17/42
ISA SERVER 2006 August 7, 2010
17
After that we see the perimeter in box network destination Nextcontinue process
And for the Network LAN can connected to gather we choose theRouter protocol it can route Two LAN can connectedNext
-
8/13/2019 How to Configure ISA Server 2006
18/42
ISA SERVER 2006 August 7, 2010
18
Now it complete the create rule for route difference LAN Finish
After finished we click on the Apply OK for apply to rule ISAserver
-
8/13/2019 How to Configure ISA Server 2006
19/42
ISA SERVER 2006 August 7, 2010
19
Then we can see like this on console ISA server
Now we create new rule for route from server to internet by click onCreate new a network rule
-
8/13/2019 How to Configure ISA Server 2006
20/42
ISA SERVER 2006 August 7, 2010
20
This point we give the name of rule Next continue
Now we choose the source network traffic perimeter add
-
8/13/2019 How to Configure ISA Server 2006
21/42
ISA SERVER 2006 August 7, 2010
21
After add we can see perimeter ( server LAN ) in box network trafficNext continue process of create rule
And destination we choose the external ( ISP ) Add Next
-
8/13/2019 How to Configure ISA Server 2006
22/42
ISA SERVER 2006 August 7, 2010
22
And this point we see the external destination traffic in box Next
And for the protocol that we use for route from mail server tointernet use the protocol NAT for route Next
-
8/13/2019 How to Configure ISA Server 2006
23/42
ISA SERVER 2006 August 7, 2010
23
This is the finished of the create rule can see in this finish tocomplete create rule
After that we see the rule and protocol on the ISA console like below
-
8/13/2019 How to Configure ISA Server 2006
24/42
ISA SERVER 2006 August 7, 2010
24
After that we click on the Apply tab OK to apply rule that we newcreate with the ISA server
Now we create one more new rule for route from client to ISP byclick on create a network rule
-
8/13/2019 How to Configure ISA Server 2006
25/42
ISA SERVER 2006 August 7, 2010
25
And we give the name of rule that we new create Next
And this is we add the source network for client internal Nextcontinue
-
8/13/2019 How to Configure ISA Server 2006
26/42
ISA SERVER 2006 August 7, 2010
26
After add the network card to we see like this in box source networktraffic next continue
And we add the external ( ISP network card ) next to continue
-
8/13/2019 How to Configure ISA Server 2006
27/42
ISA SERVER 2006 August 7, 2010
27
After that we see the interface of network card ISP that we add todestination network rule traffic
And this point we choose the protocol that use for route from clientto use access to internet
next continue
-
8/13/2019 How to Configure ISA Server 2006
28/42
ISA SERVER 2006 August 7, 2010
28
Now we finished for create new rule finished
Now we click on apply OK to apply new rule that we created
-
8/13/2019 How to Configure ISA Server 2006
29/42
ISA SERVER 2006 August 7, 2010
29
And this is the new rule it show on console ISA server that wecreate at the moment
Now I create new network interface for internet assign IP address byto : Networks create a new networks put the name of networkinterface Next continue
-
8/13/2019 How to Configure ISA Server 2006
30/42
ISA SERVER 2006 August 7, 2010
30
And after that we choose the external network ( external=internet )next continue
Then we put the IP address range of interface internetAdd RangeOK Next
-
8/13/2019 How to Configure ISA Server 2006
31/42
ISA SERVER 2006 August 7, 2010
31
After that this is the range of IP address that we add the momentthis IP address according to the range that ISP provide Next
Now it finished to create the range of IP address finished
-
8/13/2019 How to Configure ISA Server 2006
32/42
ISA SERVER 2006 August 7, 2010
32
Choose to apply OK for apply the interface connection that wecreated for interface
Then we create new access rule that we create for allow or denyprotocol to each LAN access Next
-
8/13/2019 How to Configure ISA Server 2006
33/42
ISA SERVER 2006 August 7, 2010
33
After that we allow protocol for each LAN can know to gather
And this is the protocol that we allow access from mail server tointernet we can add more according to requirement next
-
8/13/2019 How to Configure ISA Server 2006
34/42
ISA SERVER 2006 August 7, 2010
34
Choose the source that to access is mail server next
After that we choose the destination that we allow access from mailserver to internet
add
next
-
8/13/2019 How to Configure ISA Server 2006
35/42
ISA SERVER 2006 August 7, 2010
35
And this is the users that we allow from our domain to accessinternet by use machine server mail next continue
Now it finished to allow protocol that we use to access internet frommail server machine finished
-
8/13/2019 How to Configure ISA Server 2006
36/42
ISA SERVER 2006 August 7, 2010
36
Choose the apply OK for apply to protocol that we choose at themoment
Now we create the new protocol access from client to internet clickon create new rule put the name of rule next
-
8/13/2019 How to Configure ISA Server 2006
37/42
ISA SERVER 2006 August 7, 2010
37
And choose the allow for client can access to internet next
After that we choose protocol that we allow access from client tointernet click on add select the protocol next
-
8/13/2019 How to Configure ISA Server 2006
38/42
ISA SERVER 2006 August 7, 2010
38
Now select the source of rule access is LAN client next
And this is we choose the destination of allow access from client isinternet next to continue
-
8/13/2019 How to Configure ISA Server 2006
39/42
-
8/13/2019 How to Configure ISA Server 2006
40/42
ISA SERVER 2006 August 7, 2010
40
Click on the apply OK for apply rule to new allow protocol
Now I create new network rule that can route from mail server toISA and route from ISA to mail server it route the interface this toconnected next for continue
-
8/13/2019 How to Configure ISA Server 2006
41/42
ISA SERVER 2006 August 7, 2010
41
And for this we allow for access from ISA to mail server and mailserver to ISA next continue
And this is the protocol that we allow access from mail server to ISA& ISA to mail server to add next continue
This is the user that allow to access from ISA to mail server & mailserver to ISA by add next continue
-
8/13/2019 How to Configure ISA Server 2006
42/42
ISA SERVER 2006 August 7, 2010
Click to finish for end process of allow access rule in LAN
Apply OK for apply rule that we create at the moment for ISAServer proxy