Configure ISA server behind a PIX 535

Discussion in 'Cisco' started by asr, Jan 6, 2006.

  1. asr

    asr Guest

    I have a PIX 535 bundle , running 7.0. I need to setup a ISA server as
    a web proxy, Secure NAT and the Firewall client. I am planning to have
    the ISA server connected to PIX inside segment only and configure NAT
    for the ISA server on the PIX. The ISA server is connected only to the
    inside segmnet and there is no external interface. I want to find out
    if I could implemnet all 3 features according to my plan of
    configuration and what port configuartion is needed on the PIX and any
    special configuration is needed for the browser or the client PCs to
    implement all the above features on the ISA server.
    asr, Jan 6, 2006
    1. Advertisements

  2. asr

    Town Dummy Guest

    It is possible to follow the plan that you have outlined.

    Set your inside address with this command:
    ip address inside

    The next command that will help you more than anything is the static command
    as shown below:

    static (inside,outside) netmask
    0 0

    This will help you NOT double nat and make everything that you want to move
    through the ISA as default route out of your LAN. NAT will also be handled
    by the ISA. After we ran this setup for a year, we dumped the ISA and put
    in Websense that works with the PIX and does real Proxy. If you have the
    ISA license then go for it. If you don't then re-think the ISA.
    Town Dummy, Jan 7, 2006
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.