PHWinfo - Afficher un message

12/05/2008, 22h46

"TJ" <nomail@not.here.com.de.nz> wrote in message
news:uG5j59TsIHA.3780@TK2MSFTNGP03.phx.gbl...

> ....... and have purchased ISA Server 2006.

Excellent choice for a Firewall

> 1) How do I move DHCP to Windows without interrupting Internet access for
> the main site?

a. Configure/Prepare the Windows DHCP,...but do not "authorize" it.
b. disable the DHCP on the Linux box
c. "Authorize" the Windows DHCP Service and "activate" the Scope(s)
d. Never enable the DHCP on the Linux box again or they will clash.
e. You "might" have to do a forced Renew/Refresh with IPConfig on the
Clients. You should not really have to,...but we live in an imperfect world

> 2) Will this affect VPN access, both individual and intersite?

.......Assuming the Lease Line is for Internet Access and assuming it will
be eliminating/replacing the former DSL lines,....continued....

> 3) I need to change the gateway for the main site to the leased line while
> (for the present) leaving VPN access through the Linux box. This will
> utilise ISA Server, which will eventually handle all firewall operations.
> What is the best way to achieve this?

Install ISA and get it working. ISA does *not* have to be the Default
Gateway of anything for it to work. ISA only needs to be the Default
Gateway (or be in the Routing Path to the Internet) for SecureNAT Clients.
Set up the LAN to use Proxy Auto-detection via WPAD. Just google "WPAD" and
limit the domain to either "microsoft.com" or "isaserver.org".

You can use both ISA and the Linux system for VPN at the same time during
the transition. The only thing that can't run at the same time is the DHCP.
Everything else can co-exist.

WPAD does not cover SecureNAT Clients. They are done manually.

> 4) Anything else I need to be aware of?
>
> When all this is complete I will then de-commission the Linux
> gateway/server and have everything handled internally.
> Sorry for the length but this is (for me) a complex project I need to do
> in a short space of time

You are going to be running both the ISA and old firewall VPN system at the
same time for a while.

I can't really answer anything more specific without something more specific
to answer.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/downlo...7/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/p...s/default.mspx

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/e...epartners.mspx
-----------------------------------------------------

12/05/2008, 22h46	#2
Phillip Windell Messages: n/a Hébergeur:	Re: Change from Linux to Windows. "TJ" <nomail@not.here.com.de.nz> wrote in message news:uG5j59TsIHA.3780@TK2MSFTNGP03.phx.gbl... > ....... and have purchased ISA Server 2006. Excellent choice for a Firewall > 1) How do I move DHCP to Windows without interrupting Internet access for > the main site? a. Configure/Prepare the Windows DHCP,...but do not "authorize" it. b. disable the DHCP on the Linux box c. "Authorize" the Windows DHCP Service and "activate" the Scope(s) d. Never enable the DHCP on the Linux box again or they will clash. e. You "might" have to do a forced Renew/Refresh with IPConfig on the Clients. You should not really have to,...but we live in an imperfect world > 2) Will this affect VPN access, both individual and intersite? .......Assuming the Lease Line is for Internet Access and assuming it will be eliminating/replacing the former DSL lines,....continued.... > 3) I need to change the gateway for the main site to the leased line while > (for the present) leaving VPN access through the Linux box. This will > utilise ISA Server, which will eventually handle all firewall operations. > What is the best way to achieve this? Install ISA and get it working. ISA does not have to be the Default Gateway of anything for it to work. ISA only needs to be the Default Gateway (or be in the Routing Path to the Internet) for SecureNAT Clients. Set up the LAN to use Proxy Auto-detection via WPAD. Just google "WPAD" and limit the domain to either "microsoft.com" or "isaserver.org". You can use both ISA and the Linux system for VPN at the same time during the transition. The only thing that can't run at the same time is the DHCP. Everything else can co-exist. WPAD does not cover SecureNAT Clients. They are done manually. > 4) Anything else I need to be aware of? > > When all this is complete I will then de-commission the Linux > gateway/server and have everything handled internally. > Sorry for the length but this is (for me) a complex project I need to do > in a short space of time You are going to be running both the ISA and old firewall VPN system at the same time for a while. I can't really answer anything more specific without something more specific to answer. -- Phillip Windell www.wandtv.com The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. ----------------------------------------------------- Understanding the ISA 2004 Access Rule Processing http://www.isaserver.org/articles/IS...cessRules.html Troubleshooting Client Authentication on Access Rules in ISA Server 2004 http://download.microsoft.com/downlo...7/ts_rules.doc Microsoft Internet Security & Acceleration Server: Partners http://www.microsoft.com/isaserver/p...s/default.mspx Microsoft ISA Server Partners: Partner Hardware Solutions http://www.microsoft.com/forefront/e...epartners.mspx -----------------------------------------------------