Configure ISA server behind a PIX 535

- A
- asr
  
  Contact options for registered users
posted
18 years ago

Fri, Jan 6, 2006 11:37 PM

I have a PIX 535 bundle , running 7.0. I need to setup a ISA server as a web proxy, Secure NAT and the Firewall client. I am planning to have the ISA server connected to PIX inside segment only and configure NAT for the ISA server on the PIX. The ISA server is connected only to the inside segmnet and there is no external interface. I want to find out if I could implemnet all 3 features according to my plan of configuration and what port configuartion is needed on the PIX and any special configuration is needed for the browser or the client PCs to implement all the above features on the ISA server.

Loading thread data ...

- T
- Town Dummy
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Sat, Jan 7, 2006 12:18 AM

It is possible to follow the plan that you have outlined.

Set your inside address with this command: ip address inside 16.65.23.225 255.255.255.252

The next command that will help you more than anything is the static command as shown below:

static (inside,outside) 16.65.23.225 16.65.23.225 netmask 255.255.255.255

0 0

This will help you NOT double nat and make everything that you want to move through the ISA as default route out of your LAN. NAT will also be handled by the ISA. After we ran this setup for a year, we dumped the ISA and put in Websense that works with the PIX and does real Proxy. If you have the ISA license then go for it. If you don't then re-think the ISA.

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.