«

I have a PIX 535 bundle , running 7.0. I need to setup a ISA server as
a web proxy, Secure NAT and the Firewall client. I am planning to have
the ISA server connected to PIX inside segment only and configure NAT
for the ISA server on the PIX. The ISA server is connected only to the
inside segmnet and there is no external interface. I want to find out
if I could implemnet all 3 features according to my plan of
configuration and what port configuartion is needed on the PIX and any
special configuration is needed for the browser or the client PCs to
implement all the above features on the ISA server.

It is possible to follow the plan that you have outlined.

Set your inside address with this command:
ip address inside 16.65.23.225 255.255.255.252

The next command that will help you more than anything is the static command
as shown below:

static (inside,outside) 16.65.23.225 16.65.23.225 netmask 255.255.255.255
0 0

This will help you NOT double nat and make everything that you want to move
through the ISA as default route out of your LAN. NAT will also be handled
by the ISA. After we ran this setup for a year, we dumped the ISA and put
in Websense that works with the PIX and does real Proxy. If you have the
ISA license then go for it. If you don't then re-think the ISA.



"asr" <> wrote in message
news: oups.com...
>I have a PIX 535 bundle , running 7.0. I need to setup a ISA server as
> a web proxy, Secure NAT and the Firewall client. I am planning to have
> the ISA server connected to PIX inside segment only and configure NAT
> for the ISA server on the PIX. The ISA server is connected only to the
> inside segmnet and there is no external interface. I want to find out
> if I could implemnet all 3 features according to my plan of
> configuration and what port configuartion is needed on the PIX and any
> special configuration is needed for the browser or the client PCs to
> implement all the above features on the ISA server.
>