how to configure isa server 2006

8/13/2019 How to Configure ISA Server 2006

1/42

ISA SERVER 2006 August 7, 2010

1

Content

I. Introduction to ISA2006a. What is ISA............b. ISA2006 and Feature...c. Benefit of ISA2006..

II. Requirement to install ISA2006III. Install ISA2006IV. Configuration

a. Choosing template...b. Route..c. NAT...d. VPN...e. Firewall rulesf. Proxy..g. Bandwidth control...h. Backup Configuration file..

Introductiona. What is ISA Server?Microsoft Internet Security and

Acceleration Server (ISA Server)is described by Microsoft as an"integrated edge security gateway". Originating as Microsoft Proxy

Server, ISAis a Firewalling & Security product based on MicrosoftWindows primarily designed to securely publish web servers and

other server systems, provide Stateful, Application-LayerFirewalling, act as a VPN endpoint, and provide Internet Access for

client systems in a Business Networking environment.b.ISA2006 and Feature? ISA Server 2006was released on 17

October 2006.It was an updated version of ISA 2004, and retainedmost features. One criticism of all Microsoft ISA server versions todate is the lack of native support for a "fail-over" or secondary WANconnection.This would enable two (or more) separate network

interfaces, to be configured to two separate ISP, allowing leverageof multiple cheap ADSL connections and failover. It has the followingfeatures:

o Secure Remote Access to Internal Microsoft Servero Virtual Private Network (VPN)o Managemento Monitoring and Reporto Multi-Networkingo Advance Firewall Protectiono Authenticationo Server Publishingo Performance

c. Benefit of ISA2006?


2/42


2

o Easy to manage and controlo Export and Importo Real-time monitoring and logo Multi-layer firewallo Application layer filteringo Authenticationo Secure webo Cache ruleso Http compressiono Support LDAP authenticationo Delegation of Basic authenticationo Unique per network policieso etc.

Requirement to install ISA2006

a. A personal computer with a 733-megahertz (MHz) or fasterprocessor.

b. Microsoft Windows Server 2003 operating system with ServicePack 1 (SP1) or Microsoft Windows Server 2003 R2 operatingsystem.Note the following:

o You can not install ISA Server 2006 on 64-bit versions ofWindows Server 2003 operating systems.

o When ISA Server 2006 is installed as a domain member, ISAServer Standard Edition can be installed only in a WindowsServer 2003 or Windows Server 2000 domain.

c. 512 megabytes (MB) of memory.d. 150 MB of available hard disk space. This is exclusive of hard diskspace you want to use for caching.e. One network adapter that is compatible with the computer'soperating system, for communication with the internal network.f. An additional network adapter for each network connected to theISA Server computer.g. One local hard disk partition that is formatted with the NTFS filesystem.


3/42


3

Now my computer have three network card for use in my machineo One for connect to ISP ( Internet 172.16.1.0/21)o One for connect to LAN Mail Server (192.168.1.0/24 )o One more for connect to LAN Client range ( 10.10.10.0/8 )

Now we Insert the disk ISA 2006 to our CD-ROM then it appear thismessage for install choose Install ISA Server 2006

After that we click the Next to process next step of installation ISA


4/42


4

Then we click on I accept the terms in the license agreement to

support license of ISA Server Next to next step of installation ISA

And for this step we put the user name that control on our machinethat install ISA Server, name of Organization & Serial number tosupport license of ISA Server Next to next step for installation.

After that this is the function of ISA Server that we can choose touse in our company like Install ISA Server services for configureproxy or other services we can configure to use in company Next.


5/42


5

For this step we choose the path of the ISA server that we install onour machine Configuration Storage server Next continue.

And for this point we choose Create New ISA Server enterprise forthe install of new ISA Server in machine Next continue.


6/42


6

And for this message it appear to warning after we choose thecreate new ISA Server enterprise or we can change Next to

continue.

And for this point we choose the range of IP address for networkInternal to client Add to add range IP.

And this point we add the network card range of Internal IP addressof client address

OK.


7/42


7

After that we choose the network card of Internal range for clientOK

And this is the range of IP address that have assign on network cardwe can choose OK.


8/42


8

After we finished add IP address see like this in box Next continue

And this point is the option that firewall connection encryptionbetween client and server ISA

And these messages it show that in ISA server have more serviceslike (SNMP, FTP, NNTP, IIS, WWWPS, ICF, ICS, & IPNAT )


9/42


9

And this message we click to install TAB for process of installation

ISA

This is the process of install ISA

And this is the process of success installation one step ISA server


10/42


10

Now we have finished of installation ISA server Proxy choose tofinished TAB.

Now we to console ISA Server and my company have three LAN ofNetwork so I need to choose of the three Leg ISA Server.

Choose next to process of next Template leg network


11/42


11

Click next to process of Template leg ISA changing

And this point we choose the range of IP address Internal network (LAN client ) Next continue

And this point we choose the range of IP address perimeter network( LAN server ) Next continue


12/42


12

And for this point we choose the Firewall policy of the leg template

block all option default ISA Server it block all

This is the step of finished choose three leg network finished


13/42


13

After that we choose to apply on console ISA server to apply Rulethat we create for LAN network

Click to Ok for support the apply leg ISA Server

Now if we want to route from LAN to ISP must create rule to applyto Networks Create a network Rule.


14/42


14

This is we put the name of network rule that to remember for apply

We choose the network traffic source add for select the sourcenetwork.


15/42


15

Now we select he network source in our LAN ( Internal or client ) Add

And after we add see like this in box network traffic source Nextcontinue step.


16/42


16

Now we choose the Network traffic Destination add for select thenetwork card that we want.

And for my destination that I create for LAN serve so I must selectthe perimeter Add


17/42


17

After that we see the perimeter in box network destination Nextcontinue process

And for the Network LAN can connected to gather we choose theRouter protocol it can route Two LAN can connectedNext


18/42


18

Now it complete the create rule for route difference LAN Finish

After finished we click on the Apply OK for apply to rule ISAserver


19/42


19

Then we can see like this on console ISA server

Now we create new rule for route from server to internet by click onCreate new a network rule


20/42


20

This point we give the name of rule Next continue

Now we choose the source network traffic perimeter add


21/42


21

After add we can see perimeter ( server LAN ) in box network trafficNext continue process of create rule

And destination we choose the external ( ISP ) Add Next


22/42


22

And this point we see the external destination traffic in box Next

And for the protocol that we use for route from mail server tointernet use the protocol NAT for route Next


23/42


23

This is the finished of the create rule can see in this finish tocomplete create rule

After that we see the rule and protocol on the ISA console like below


24/42


24

After that we click on the Apply tab OK to apply rule that we newcreate with the ISA server

Now we create one more new rule for route from client to ISP byclick on create a network rule


25/42


25

And we give the name of rule that we new create Next

And this is we add the source network for client internal Nextcontinue


26/42


26

After add the network card to we see like this in box source networktraffic next continue

And we add the external ( ISP network card ) next to continue


27/42


27

After that we see the interface of network card ISP that we add todestination network rule traffic

And this point we choose the protocol that use for route from clientto use access to internet

next continue


28/42


28

Now we finished for create new rule finished

Now we click on apply OK to apply new rule that we created


29/42


29

And this is the new rule it show on console ISA server that wecreate at the moment

Now I create new network interface for internet assign IP address byto : Networks create a new networks put the name of networkinterface Next continue


30/42


30

And after that we choose the external network ( external=internet )next continue

Then we put the IP address range of interface internetAdd RangeOK Next


31/42


31

After that this is the range of IP address that we add the momentthis IP address according to the range that ISP provide Next

Now it finished to create the range of IP address finished


32/42


32

Choose to apply OK for apply the interface connection that wecreated for interface

Then we create new access rule that we create for allow or denyprotocol to each LAN access Next


33/42


33

After that we allow protocol for each LAN can know to gather

And this is the protocol that we allow access from mail server tointernet we can add more according to requirement next


34/42


34

Choose the source that to access is mail server next

After that we choose the destination that we allow access from mailserver to internet

add

next


35/42


35

And this is the users that we allow from our domain to accessinternet by use machine server mail next continue

Now it finished to allow protocol that we use to access internet frommail server machine finished


36/42


36

Choose the apply OK for apply to protocol that we choose at themoment

Now we create the new protocol access from client to internet clickon create new rule put the name of rule next


37/42


37

And choose the allow for client can access to internet next

After that we choose protocol that we allow access from client tointernet click on add select the protocol next


38/42


38

Now select the source of rule access is LAN client next

And this is we choose the destination of allow access from client isinternet next to continue


39/42


40/42


40

Click on the apply OK for apply rule to new allow protocol

Now I create new network rule that can route from mail server toISA and route from ISA to mail server it route the interface this toconnected next for continue


41/42


41

And for this we allow for access from ISA to mail server and mailserver to ISA next continue

And this is the protocol that we allow access from mail server to ISA& ISA to mail server to add next continue

This is the user that allow to access from ISA to mail server & mailserver to ISA by add next continue


42/42


Click to finish for end process of allow access rule in LAN

Apply OK for apply rule that we create at the moment for ISAServer proxy

how to configure isa server 2006

Documents