List Info

Thread: PIX ad ISA 2004 back to back
PIX ad ISA 2004 back to back
country flaguser name
United States		 2007-05-16 16:56:49 

  


  

    




  



    

            
Hi friends,
  
 
  
Thanks for reply. How are you doing? HEre is the more detail.
  
a. 1 x Central Office should be installed with ISA 2004 integrated with PIX 515e Firewall and Websense Enterprise 6.3.
b. 7 x Regional Offices are connected to Central Office via VPN by PIX 515e firewalls. All regions should be able to communicate with Central Office and Central Office with Regions after applying ISA. 
c. ISA 2004 should functions as first firewall in the LAN and replace the Activity of PIX 515e Firewall as Default Gateway. (Currently PIX 515e is a default gateway for LAN in Central office)
d. After installation of ISA 2004 and integration with PIX 515e Firewall all regions should be able to access their pop3 accounts normally without any time delay increase. 
e. Exchange server 2003 should be published in ISA and must be accessible from outside. 
  
We want to do it in this way, we want to do double fir
 ewalling, PIX
 515 will face the Internet, PIX is also VPN gate way 7 braches, connected s2s VPN. I attached the current config of the PIX firewall. Before we tried, we put the ISA 2004 between PIX and LAN, inside the LAN in central office, users were able to browse internet, but users from remote sites, connected through S2S VPN, were not able to access the exchange sitting in LAN of central office. 
  
Network Layout :
       ;           ;           ;           ;           ;  Pix > DMZ > ISA Server 2004 > Exchange Server 2003 + Users.
  
Pix outside IP Address :211.24.240.212 255.255.255.248
Pix inside IP Address : 172.16.0.1 255.255.0.0
ISA Server outside IP : 172.16.0.2 255.255.0.0
ISA S
 erver
 inside IP : 10.0.0.1 255.0.0.0
  
Sir if you need more info, please let me know
  
Thanks
 
      
Need a vacation? Get great deals 
to amazing places on Yahoo! Travel. 

    
  

    
    __._,_.___
    
     
    
    
  
.


    


__,_._,___



  

  
  
   
     
    

  

    RE:  PIX ad ISA 2004 back to back
  


  

     country flaguser name
United States		
     2007-05-18 01:18:08
  


  

    

  


  

    




  



    

            
In order to access your Exchange, you need to do Statically nat Exchange 

server in Pix, and for ISA You need to write a Permit all rule in your pix.



when you are doing these two things, make sure that there is proper no-nat 

statements. i wish it will solve your issue.



Thanks

Raj



&gt;From: Zia Khan < zia_khan2k%40yahoo.com">zia_khan2kyahoo.com>

>;Reply-To:  PIX_Firewall%40yahoogroups.com">PIX_Firewallyahoogroups.com

>To:  aaronr%40imcu.com">aaronrimcu.com,  pix_firewall%40yahoogroups.com">pix_firewallyahoogroups.com

>Subject: [PIX_Firewall] PIX ad ISA 2004 back to back

>;Date: Wed, 16 May 2007 14:56:49 -0700 (PDT)

&gt;

>Hi friends,


>

>;   Thanks for reply. How are you doing? HEre is the more detail.

>   a. 1 x Central Office should be installed with ISA 2004 integrated with 

>PIX 515e Firewall and Websense Enterprise 6.3.

>;b. 7 x Regional Offices are connected to Central Office via VPN by PIX 515e 

>firewalls. All regions should be able to communicate with Central Office 

>and Central Office with Regions after applying ISA.

>;c. ISA 2004 should functions as first firewall in the LAN and replace the 

>Activity of PIX 515e Firewall as Default Gateway. (Currently PIX 515e is a 

>default gateway for LAN in Central office)

>d. After installation of ISA 2004 and integration with PIX 515e Firewall 

>all regions should be able to access their pop3 accounts normally without 

>any time delay increase.

>e. Exchange server 2003 should be published in ISA and must be accessible 

>from outside.


>   We want to do it in this way, we want to do double firewalling, PIX 515 

>will face the Internet, PIX is also VPN gate way 7 braches, connected s2s 

>VPN. I attached the current config of the PIX firewall. Before we tried, we 

>put the ISA 2004 between PIX and LAN, inside the LAN in central office, 

>users were able to browse internet, but users from remote sites, connected 

>through S2S VPN, were not able to access the exchange sitting in LAN of 

>central office.

>   Network Layout :

>                                                      Pix > DMZ > ISA 

>Server 2004 > Exchange Server 2003 + Users.

&gt;   Pix outside IP Address :211.24.240.212 255.255.255.248

&gt;Pix inside IP Address : 172.16.0.1 255.255.0.0

>ISA Server outside IP : 172.16.0.2 255.255.0.0

>ISA Server inside IP : 10.0.0.1 255.0.0.0

>   Sir if you need more info, please let me know

>;   Thanks

&gt;

>

>---------------------------------


>Need a vacation? Get great deals to amazing places on Yahoo! Travel.



__________________________________________________________

Shaadi.com Matrimonials. Register FREE! 

http://www.shaadi.com/ptnr.php?ptnr=mhottag





    
  

    
    __._,_.___
    
     
    
    
  
.


    


__,_._,___



  

  
  
   
     
    






 [1-2]











   
 





about | contact  Other archives ( Real Estate discussion Medical topics )