NAT question

Discussion in 'Cisco' started by K.J. 44, Sep 6, 2006.

  1. K.J. 44

    K.J. 44 Guest

    Hi,

    I am running a router connected to a firewall connected to a single
    server running Windows Server 2003, Exchange, and ISA. I want to use
    ISA as another layer of defense so the server is multihomed. The LAN
    is connected to one NIC and the other NIC is connected to the firewall.

    My question is this. No matter what traffic is sent, whether it is
    from the server or a PC on the other side of the server, it will have a
    source address of the NIC connected to the firewall, right? Because ISA
    is a proxy, it makes all requests on behalf of the clients? Therefore,
    having a static NAT translation to pass information to Exchange doesn't
    make sense because all traffic will have the same source IP when it
    gets to the firewall.

    Is this correct and will this be a problem?

    Thanks.
     
    K.J. 44, Sep 6, 2006
    #1

  2. K.J. 44

    Dom Guest

    On Wed, 2006-09-06 at 13:15 -0700, K.J. 44 wrote:
    > I am running a router connected to a firewall connected to a single
    > server running Windows Server 2003, Exchange, and ISA. I want to use
    > ISA as another layer of defense so the server is multihomed. The LAN
    > is connected to one NIC and the other NIC is connected to the firewall.


    wan___router___firewall___isa___lan

    Really bad to depend on Windows for network connectivity. Suppose you'll
    be learning that lesson the hard way.

    > My question is this. No matter what traffic is sent, whether it is
    > from the server or a PC on the other side of the server, it will have a
    > source address of the NIC connected to the firewall, right? Because ISA
    > is a proxy, it makes all requests on behalf of the clients?


    If I recall, ISA has proxy support for HTTP/HTTPS and limited support
    for FTP. Be aware that proxy implementation will likely break certain
    features of both protocols. Other traffic will probably traverse ISA as
    routed.

    > having a static NAT translation to pass information to Exchange doesn't
    > make sense because all traffic will have the same source IP when it
    > gets to the firewall.


    Like I say, probably not. Put a packet sniffer on it and find out for
    yourself. You still need to get public traffic to the Exchange server
    somehow. NAT it or route it... doesn't matter. They both work.
     
    Dom, Sep 7, 2006
    #2
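
The sniffer check suggested in the post above, as an added example that is not part of any post in this thread: it reads tcpdump-style text captured on the ISA-to-firewall link and reports, per destination port, whether packets arrive with ISA's own address (proxied or translated) or with the original LAN client address (routed). The addresses, the LAN subnet and the capture lines are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed addressing (not from the thread): ISA's firewall-facing NIC and the LAN behind it.
ISA_EXTERNAL = ipaddress.ip_address("10.0.0.2")
LAN_NET = ipaddress.ip_network("192.168.16.0/24")

# Constructed tcpdump-style lines, as if captured on the ISA-to-firewall link.
SAMPLE_CAPTURE = """\
13:15:01.000101 IP 10.0.0.2.49152 > 198.51.100.10.80: Flags [S], seq 1, length 0
13:15:01.200417 IP 10.0.0.2.49153 > 198.51.100.10.443: Flags [S], seq 1, length 0
13:15:02.030950 IP 192.168.16.25.50211 > 198.51.100.77.22: Flags [S], seq 1, length 0
13:15:02.512008 IP 10.0.0.2.49154 > 198.51.100.25.25: Flags [S], seq 1, length 0
13:15:03.000733 IP 198.51.100.25.25 > 10.0.0.2.49154: Flags [S.], seq 1, ack 2, length 0
13:15:03.400120 IP 192.168.16.31.50400 > 198.51.100.77.22: Flags [S], seq 1, length 0
"""

# src_ip.src_port > dst_ip.dst_port: as printed in tcpdump's one-line summaries
LINE_RE = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):")

def classify_sources(capture_text, isa_external=ISA_EXTERNAL, lan_net=LAN_NET):
    """Map destination port -> how outbound packets to that port are sourced."""
    seen = defaultdict(set)
    for line in capture_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an IPv4 summary line with ports
        src = ipaddress.ip_address(m.group(1))
        dport = int(m.group(4))
        if src == isa_external:
            seen[dport].add("isa-address")     # proxied or translated by ISA
        elif src in lan_net:
            seen[dport].add("client-address")  # routed through, source preserved
        # any other source is inbound or return traffic and is ignored here
    return {port: sorted(kinds) for port, kinds in seen.items()}

def ports_needing_review(result):
    """Ports where LAN client addresses reach the firewall unchanged."""
    return sorted(p for p, kinds in result.items() if "client-address" in kinds)

if __name__ == "__main__":
    result = classify_sources(SAMPLE_CAPTURE)
    for port in sorted(result):
        print(port, result[port])
    print("client addresses visible on ports:", ports_needing_review(result))
```

Ports listed by `ports_needing_review` are the ones the firewall's rules and translations must handle per client address rather than for ISA's single address.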

  3. K.J. 44

    K.J. 44 Guest

    I agree and I am using ISA in a very limited way. It came with the SBS
    package. We will not need FTP and will just use the internet
    connectivity for email, web, and VPNs into the firewall.

    What is a good packet sniffer for Windows? I have worked with Ethereal
    on Linux boxes plenty but I don't really know what a good sniffer is on
    Windows.

    Thanks.

    Dom wrote:
    > On Wed, 2006-09-06 at 13:15 -0700, K.J. 44 wrote:
    > > I am running a router connected to a firewall connected to a single
    > > server running Windows Server 2003, Exchange, and ISA. I want to use
    > > ISA as another layer of defense so the server is multihomed. The LAN
    > > is connected to one NIC and the other NIC is connected to the firewall.
    >
    > wan___router___firewall___isa___lan
    >
    > Really bad to depend on Windows for network connectivity. Suppose you'll
    > be learning that lesson the hard way.
    >
    > > My question is this. No matter what traffic is sent, whether it is
    > > from the server or a PC on the other side of the server, it will have a
    > > source address of the NIC connected to the firewall, right? Because ISA
    > > is a proxy, it makes all requests on behalf of the clients?
    >
    > If I recall, ISA has proxy support for HTTP/HTTPS and limited support
    > for FTP. Be aware that proxy implementation will likely break certain
    > features of both protocols. Other traffic will probably traverse ISA as
    > routed.
    >
    > > having a static NAT translation to pass information to Exchange doesn't
    > > make sense because all traffic will have the same source IP when it
    > > gets to the firewall.
    >
    > Like I say, probably not. Put a packet sniffer on it and find out for
    > yourself. You still need to get public traffic to the Exchange server
    > somehow. NAT it or route it... doesn't matter. They both work.
     
    K.J. 44, Sep 7, 2006
    #3
  4. K.J. 44

    Merv Guest

    K.J. 44 wrote:
    > I agree and I am using ISA in a very limited way. It came with the SBS
    > package. We will not need FTP and will just use the internet
    > connectivity for email, web, and VPNs into the firewall.
    >
    > What is a good packet sniffer for Windows? I have worked with Ethereal
    > on Linux boxes plenty but I don't really know what a good sniffer is on
    > Windows.


    Ethereal runs on Windows also.
     
    Merv, Sep 7, 2006
    #4
  5. K.J. 44

    Dom Guest

    On Thu, 2006-09-07 at 05:50 -0700, K.J. 44 wrote:
    > What is a good packet sniffer for Windows?


    Network Monitor comes with Windows Server.
     
    Dom, Sep 8, 2006
    #5