ISA SERVER 2006

August 7, 2010

Content I. Introduction to ISA2006 a. What is ISA............ b. ISA2006 and Feature... c. Benefit of ISA2006.. II. Requirement to install ISA2006 III. Install ISA2006 IV. Configuration a. Choosing template... b. Route.. c. NAT... d. VPN... e. Firewall rules f. Proxy.. g. Bandwidth control... h. Backup Configuration file.. Introduction a. What is ISA Server? Microsoft Internet Security and Acceleration Server (ISA Server) is described by Microsoft as an "integrated edge security gateway". Originating as Microsoft Proxy Server, ISA is a Firewalling & Security product based on Microsoft Windows primarily designed to securely publish web servers and other server systems, provide Stateful, Application-Layer Firewalling, act as a VPN endpoint, and provide Internet Access for client systems in a Business Networking environment. b. ISA2006 and Feature? ISA Server 2006 was released on 17 October 2006. It was an updated version of ISA 2004, and retained most features. One criticism of all Microsoft ISA server versions to date is the lack of native support for a "fail-over" or secondary WAN connection. This would enable two (or more) separate network interfaces, to be configured to two separate ISP, allowing leverage of multiple cheap ADSL connections and failover. It has the following features: o Secure Remote Access to Internal Microsoft Server o Virtual Private Network (VPN) o Management o Monitoring and Report o Multi-Networking o Advance Firewall Protection o Authentication o Server Publishing o Performance c. Benefit of ISA2006?
1

ISA SERVER 2006

August 7, 2010

o Easy to manage and control o Export and Import o Real-time monitoring and log o Multi-layer firewall o Application layer filtering o Authentication o Secure web o Cache rules o Http compression o Support LDAP authentication o Delegation of Basic authentication o Unique per network policies o etc. Requirement to install ISA2006 a. A personal computer with a 733-megahertz (MHz) or faster processor. b. Microsoft Windows Server 2003 operating system with Service Pack 1 (SP1) or Microsoft Windows Server 2003 R2 operating system. Note the following: o You can not install ISA Server 2006 on 64-bit versions of Windows Server 2003 operating systems. o When ISA Server 2006 is installed as a domain member, ISA Server Standard Edition can be installed only in a Windows Server 2003 or Windows Server 2000 domain. c. 512 megabytes (MB) of memory. d. 150 MB of available hard disk space. This is exclusive of hard disk space you want to use for caching. e. One network adapter that is compatible with the computer's operating system, for communication with the internal network. f. An additional network adapter for each network connected to the ISA Server computer. g. One local hard disk partition that is formatted with the NTFS file system.

ISA SERVER 2006

August 7, 2010

Now o o o

my computer have three network card for use in my machine One for connect to ISP ( Internet 172.16.1.0/21) One for connect to LAN Mail Server (192.168.1.0/24 ) One more for connect to LAN Client range ( 10.10.10.0/8 )

Now we Insert the disk ISA 2006 to our CD-ROM then it appear this message for install choose Install ISA Server 2006

After that we click the Next to process next step of installation ISA

ISA SERVER 2006

August 7, 2010

Then we click on I accept the terms in the license agreement to support license of ISA Server Next to next step of installation ISA

And for this step we put the user name that control on our machine that install ISA Server, name of Organization & Serial number to support license of ISA Server Next to next step for installation.

After that this is the function of ISA Server that we can choose to use in our company like Install ISA Server services for configure proxy or other services we can configure to use in company Next.

ISA SERVER 2006

August 7, 2010

For this step we choose the path of the ISA server that we install on our machine Configuration Storage server Next continue.

And for this point we choose Create New ISA Server enterprise for the install of new ISA Server in machine Next continue.

ISA SERVER 2006

August 7, 2010

And for this message it appear to warning after we choose the create new ISA Server enterprise or we can change Next to continue.

And for this point we choose the range of IP address for network Internal to client Add to add range IP.

And this point we add the network card range of Internal IP address of client address OK.

ISA SERVER 2006

August 7, 2010

After that we choose the network card of Internal range for client OK

And this is the range of IP address that have assign on network card we can choose OK.

ISA SERVER 2006

August 7, 2010

After we finished add IP address see like this in box

Next continue

And this point is the option that firewall connection encryption between client and server ISA

And these messages it show that in ISA server have more services like (SNMP, FTP, NNTP, IIS, WWWPS, ICF, ICS, & IPNAT )

ISA SERVER 2006

August 7, 2010

And this message we click to install TAB for process of installation ISA

This is the process of install ISA

And this is the process of success installation one step ISA server

ISA SERVER 2006

August 7, 2010

Now we have finished of installation ISA server Proxy choose to finished TAB.

Now we to console ISA Server and my company have three LAN of Network so I need to choose of the three Leg ISA Server.

Choose next to process of next Template leg network

10

ISA SERVER 2006

August 7, 2010

Click next to process of Template leg ISA changing

And this point we choose the range of IP address Internal network ( LAN client ) Next continue

And this point we choose the range of IP address perimeter network ( LAN server ) Next continue

11

ISA SERVER 2006

August 7, 2010

And for this point we choose the Firewall policy of the leg template block all option default ISA Server it block all

This is the step of finished choose three leg network

finished

12

ISA SERVER 2006

August 7, 2010

After that we choose to apply on console ISA server to apply Rule that we create for LAN network

Click to Ok for support the apply leg ISA Server

Now if we want to route from LAN to ISP must create rule to apply to Networks Create a network Rule.

13

ISA SERVER 2006

August 7, 2010

This is we put the name of network rule that to remember for apply

We choose the network traffic source network.

add for select the source

14

ISA SERVER 2006

August 7, 2010

Now we select he network source in our LAN ( Internal or client ) Add

And after we add see like this in box network traffic source continue step.

Next

15

ISA SERVER 2006

August 7, 2010

Now we choose the Network traffic Destination network card that we want.

add for select the

And for my destination that I create for LAN serve so I must select the perimeter Add

16

ISA SERVER 2006

August 7, 2010

After that we see the perimeter in box network destination continue process

Next

And for the Network LAN can connected to gather we choose the Router protocol it can route Two LAN can connected Next

17

ISA SERVER 2006

August 7, 2010

Now it complete the create rule for route difference LAN

Finish

After finished we click on the Apply server

OK for apply to rule ISA

18

ISA SERVER 2006

August 7, 2010

Then we can see like this on console ISA server

Now we create new rule for route from server to internet by click on Create new a network rule

19

ISA SERVER 2006

August 7, 2010

This point we give the name of rule

Next continue

Now we choose the source network traffic perimeter

add

20

ISA SERVER 2006

August 7, 2010

After add we can see perimeter ( server LAN ) in box network traffic Next continue process of create rule

And destination we choose the external ( ISP )

Add

Next

21

ISA SERVER 2006

August 7, 2010

And this point we see the external destination traffic in box

Next

And for the protocol that we use for route from mail server to internet use the protocol NAT for route Next

22

ISA SERVER 2006

August 7, 2010

This is the finished of the create rule can see in this complete create rule

finish to

After that we see the rule and protocol on the ISA console like below

23

ISA SERVER 2006

August 7, 2010

After that we click on the Apply tab create with the ISA server

OK to apply rule that we new

Now we create one more new rule for route from client to ISP by click on create a network rule

24

ISA SERVER 2006

August 7, 2010

And we give the name of rule that we new create

Next

And this is we add the source network for client internal continue

Next

25

ISA SERVER 2006

August 7, 2010

After add the network card to we see like this in box source network traffic next continue

And we add the external ( ISP network card )

next to continue

26

ISA SERVER 2006

August 7, 2010

After that we see the interface of network card ISP that we add to destination network rule traffic

And this point we choose the protocol that use for route from client to use access to internet next continue

27

ISA SERVER 2006

August 7, 2010

Now we finished for create new rule

finished

Now we click on apply

OK to apply new rule that we created

28

ISA SERVER 2006

August 7, 2010

And this is the new rule it show on console ISA server that we create at the moment

Now I create new network interface for internet assign IP address by to : Networks create a new networks put the name of network interface Next continue
29

ISA SERVER 2006

August 7, 2010

And after that we choose the external network ( external=internet ) next continue

Then we put the IP address range of interface internet OK Next

Add Range

30

ISA SERVER 2006

August 7, 2010

After that this is the range of IP address that we add the moment this IP address according to the range that ISP provide Next

Now it finished to create the range of IP address

finished

31

ISA SERVER 2006

August 7, 2010

Choose to apply OK for apply the interface connection that we created for interface

Then we create new access rule that we create for allow or deny protocol to each LAN access Next

32

ISA SERVER 2006

August 7, 2010

After that we allow protocol for each LAN can know to gather

And this is the protocol that we allow access from mail server to internet we can add more according to requirement next

33

ISA SERVER 2006

August 7, 2010

Choose the source that to access is mail server

next

After that we choose the destination that we allow access from mail server to internet add next

34

ISA SERVER 2006

August 7, 2010

And this is the users that we allow from our domain to access internet by use machine server mail next continue

Now it finished to allow protocol that we use to access internet from mail server machine finished

35

ISA SERVER 2006

August 7, 2010

Choose the apply moment

OK for apply to protocol that we choose at the

Now we create the new protocol access from client to internet click on create new rule put the name of rule next

36

ISA SERVER 2006

August 7, 2010

And choose the allow for client can access to internet

next

After that we choose protocol that we allow access from client to internet click on add select the protocol next

37

ISA SERVER 2006

August 7, 2010

Now select the source of rule access is LAN client

next

And this is we choose the destination of allow access from client is internet next to continue

38

ISA SERVER 2006

August 7, 2010

And select the users that we allow to access internet in our domain

And now we finished to allow protocol that we create & allow client to access from users domain to internet finished

39

ISA SERVER 2006

August 7, 2010

Click on the apply

OK for apply rule to new allow protocol

Now I create new network rule that can route from mail server to ISA and route from ISA to mail server it route the interface this to connected next for continue

40

ISA SERVER 2006

August 7, 2010

And for this we allow for access from ISA to mail server and mail server to ISA next continue

And this is the protocol that we allow access from mail server to ISA & ISA to mail server to add next continue

This is the user that allow to access from ISA to mail server & mail server to ISA by add next continue
41

ISA SERVER 2006

August 7, 2010

Click to finish for end process of allow access rule in LAN

Apply OK for apply rule that we create at the moment for ISA Server proxy

42