Configuring Networks


A network is one or more IP addresses that designate network devices. Several preconfigured networks exist. Each of the following networks is created on the ISA server with the installation.

  • Internal All IP addresses associated with the internal network adapter.

  • External All IP addresses that are not defined, or "everything else." You cannot configure or customize this network.

  • Local Host This represents the ISA server itself, and includes the IP addresses bound to the ISA server, and 127.0.0.1. There is also an Enterprise Local Host, which identifies each ISA server in an array along with its unique Local Host addresses.

  • VPN Clients and Quarantined VPN Clients networks These two networks are automatically populated when a VPN client or gateway connects to the ISA server; the Quarantined VPN Clients network is populated only when VPN Quarantine is enabled and systems meet the quarantine criteria.

Note 

ISA Server Enterprise Edition has what are known as enterprise networks. These networks are configured at the enterprise—rather than the array—level. You can follow the same procedures for creating and editing enterprise networks, but will manage them in the ISA Server Management console by navigating to the Enterprise node, then selecting the Enterprise Networks node.

Creating a new network object

To create a network, follow these steps:

  1. In the console tree, expand the server name, expand Configuration, and click Networks.

  2. In the task pane, click the Tasks tab. Under Network Tasks, click Create A New Network.

  3. On the Welcome To The New Network Wizard page, type a name for the new network you are creating, and click Next to continue.

  4. On the Network Type page, select one of four network types:

    • Internal Network Contains computers that exist in an environment where they are not exposed to external networks.

    • Perimeter Network Contains computers that host services published to untrusted networks.

    • VPN Site-To-Site Network Establishes a link with another network through a VPN link.

    • External Network Contains computers from untrusted networks, usually on the Internet.

    Note 

    The internal, perimeter, and external networks have the same interface to define networks. As a best practice, be sure to include the type of network you're creating in the name. The VPN Site-To-Site Network option requires that you set up the VPN connections at both sites. See Chapter 11, "Securing Virtual Private Network Access," for information on configuring this option. All other network configurations are covered here.

  5. On the Network Addresses page, choose to define the network using one or more of the following three methods, and then click Next.

    • Add Range Add a range of IP addresses you assign.

    • Add Adapter Choose one of the ISA Server computer's network adapters, and use its routing table to configure the network.

    • Add Private Add one or more of three private network ranges. As a best practice, avoid adding all of these ranges.

    Note 

    In the Enterprise Edition, when working in the Array Firewall Policies, you will also see an Add Network button that allows you to choose an enterprise network.

  6. On the Completing The New Network Wizard page, review your settings, then click Finish.

  7. Click Apply to save the changes, and then click OK to close the Apply Network Configuration dialog box.

Exporting and Importing Networks

As you make policy changes on your ISA server, you should regularly export the configuration to back up specific settings, so that if you want to restore your firewall configuration, you can import the export file you created prior to making the change.

To export one or more networks, follow these steps:

  1. In the console tree, expand the server name, expand Configuration, and click Networks.

  2. In the task pane, click the Tasks tab. Under Related Tasks, click Export Existing Networks.

  3. In the Export Configuration window, browse to the location to where you would like to save the export file, and type a filename to be given to the export file in the File Name text box. If you would like to export confidential information like user credential passwords, RADIUS shared secrets, or preshared IPSec keys, select the Export Confidential Information (Encryption Will Be Used) check box; otherwise click Export.

  4. In the Set Password window, you must specify a password with at least eight characters to be used when later importing the file. Type the password, confirm the password, and then click OK.

    Note 

    All of the confidential information included in the export file is encrypted. This step only appears if you choose to export the confidential information.

  5. In the Exporting Networks window, click OK.

To import the firewall policy, follow these steps:

  1. In the console tree, expand the server name, expand Configuration, and click Networks.

  2. In the task pane, click the Tasks tab. Under Related Tasks, click Import Networks.

  3. In the Import Configuration window, browse to the location on the disk where you saved the export XML file and select the export file to insert it into the File Name text box. If you would like to import cache drive settings and SSL certificates, select the Import Cache Drive Settings And SSL Certificates check box, and then click Import.

  4. In the Type Password To Open File window, type the name of the password associated with the export file, and click OK.

  5. In the Importing Networks window, click OK.

  6. In the details pane, click Apply to save the changes, and then click OK.

Troubleshooting Exporting and Importing Network Sets

When you export and import network sets, remember the node at which you exported the configuration. Many times administrators find that an import failed (or worse, corrupted an existing configuration) because the XML file is imported at the wrong level. If you export the entire configuration, you will be exporting the certificates that provide authentication. The export should be password-protected to reduce the risk of this information being obtained by an untrusted party.




Microsoft Internet Security and Acceleration ISA Server 2004 Administrator's Pocket Consultant
Microsoft Internet Security and Acceleration (ISA) Server 2004 Administrators Pocket Consultant (Pro-Administrators Pocket Consultant)
ISBN: 0735621888
EAN: 2147483647
Year: 2006
Pages: 173

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net