Configure ISA server behind a PIX 535

I have a PIX 535 bundle , running 7.0. I need to setup a ISA server as a web proxy, Secure NAT and the Firewall client. I am planning to have the ISA server connected to PIX inside segment only and configure NAT for the ISA server on the PIX. The ISA server is connected only to the inside segmnet and there is no external interface. I want to find out if I could implemnet all 3 features according to my plan of configuration and what port configuartion is needed on the PIX and any special configuration is needed for the browser or the client PCs to implement all the above features on the ISA server.

Reply to
Loading thread data ...

It is possible to follow the plan that you have outlined.

Set your inside address with this command: ip address inside

The next command that will help you more than anything is the static command as shown below:

static (inside,outside) netmask

0 0

This will help you NOT double nat and make everything that you want to move through the ISA as default route out of your LAN. NAT will also be handled by the ISA. After we ran this setup for a year, we dumped the ISA and put in Websense that works with the PIX and does real Proxy. If you have the ISA license then go for it. If you don't then re-think the ISA.

Reply to
Town Dummy Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.