

Implementing Your ISA Server Solution

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

After determining the roles you want for ISA Server and completing your ISA Server design, you will implement your ISA Server solution. Figure 5.15 shows when to implement your ISA Server solution.

Figure 5.15   Implementing Your ISA Server Solution


Figure 5.16 shows the process for implementing the ISA Server solution in your network.

Figure 5.16   Details of Implementing Your ISA Server Solution


Use the following steps to deploy ISA Server in your network:

  1. Ensure that you are running either Windows 2000 Server or the Windows Server 2003 family. If necessary, upgrade the operating system before continuing with the deployment.

  2. Ensure that the latest service pack is installed. If necessary, install the service pack before proceeding with the deployment.

  3. Ensure that the network adapters are installed and working correctly; make sure you have a valid connection to the Internet.

    • You can choose to connect your network to the Internet through either a persistent connection (T1, T3, xDSL, or cable modem) or a dial-up connection. If you choose a direct connection, you need to set up a network adapter that connects the ISA Server–based computer to the Internet.

    • When you set TCP/IP properties for the external network adapter, consult with your ISP for the correct settings. Specifically, you need the IP address, subnet mask, default gateway, and IP addresses for the DNS servers to use in DNS name searches. In some cases, your ISP might be using Dynamic Host Configuration Protocol (DHCP) or bootstrap protocol (BOOTP) for dynamic assignment of client addresses.

    • Typically, ISA Server has only one IP default gateway. You should configure the IP address of the default gateway on the external — not internal — network adapter. Leave the Default Gateway setting for the internal network adapter blank.

    • When setting TCP/IP properties for any internal network adapter, you should enter a permanently reserved IP address for the ISA Server–based computer and an appropriate subnet mask for your internal network. Addressing that is assigned by DHCP should not be used for the internal network adapter, because DHCP might reset the default gateway you selected for the ISA Server–based computer. The external network adapter can be DHCP-enabled, including the default gateway and DNS settings, or these settings can be statically defined.

  4. If you are installing ISA Server Enterprise Edition, you need to initialize the enterprise. You can run the Enterprise Initialization Tool from ISA Server startup.

    • If this is the first time you are installing ISA Server as an array member, you should run the ISA Server Enterprise Initialization Tool.

    • If you are installing a stand-alone server, or if you have previously installed ISA Server in your enterprise as an array member, you do not need to run the Enterprise Initialization Tool, and you can select Install ISA Server.

    Important

    • In order to install the ISA Server schema to Active Directory, you must be a member of both the Enterprise Administrators and Schema Administrators groups.

  5. Install ISA Server. Setup asks for the following information:

    • Installation options.

      You can select a Typical installation, Full installation, or Custom installation.

    • Array selection.

      If you previously initialized the enterprise, you can select which array to join. If you did not initialize the enterprise, then ISA Server is installed as a stand-alone server.

    • Mode.

      You can install ISA Server in firewall mode, integrated mode, or cache mode.

    • Cache configuration.

      If you install ISA Server in integrated or cache mode, you need to configure which cache drives to use and the size of the cache.

    • LAT configuration.

      If you install ISA Server in integrated or firewall mode, you need to configure the address ranges to include in the LAT.

  6. Before building your LAT, ensure that you enter all subnets correctly.

    • The LAT is automatically constructed from the Windows Server 2003 routing table. If the computer is connected to a routed internal network and you are unsure of the routing topology of your network or how to add static routes, you can manually construct the LAT to contain the range(s) of IP addresses that your internal clients use.

    • Because a default gateway cannot be set on the internal interface of the ISA Server–based computer, you need to create static routes for your internal network at a later time to achieve full connectivity. You can do this using the route command from the command prompt.

    • A LAT that is configured correctly ensures that ISA Server can determine which network adapter to use, in order to access different portions of your internal network. If the LAT is not configured correctly, a client request for an internal IP address might be incorrectly routed to the Internet or redirected through the firewall service.

  7. After installation, ISA Server effectively blocks all communication between your internal network and the Internet. No communication can occur until you configure an access policy with the protocol, site, and content rules specifically allowing access. Similarly, you must configure publishing rules if you want to allow Internet clients access to computers on your internal network.

    If you installed ISA Server as an array member, then an enterprise policy might be applied to the array. In this case, ISA Server might allow communication if the enterprise policy is configured appropriately.

  8. Install the latest service pack for ISA Server.
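
The LAT checks from step 6, written out as an added example (not Microsoft tooling): it takes LAT entries as first/last address pairs, flags ranges that contain the external adapter or fall outside private address space, reports internal subnets the LAT misses, and builds the persistent `route` commands for routed internal subnets. All addresses, including the internal router 10.1.0.254, are constructed sample values.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit_lat(lat_ranges, internal_subnets, external_ip):
    """Check LAT entries (first, last address pairs) and return findings."""
    findings, lat_nets = [], []
    for first, last in lat_ranges:
        try:
            lat_nets.extend(ipaddress.summarize_address_range(
                ipaddress.ip_address(first), ipaddress.ip_address(last)))
        except ValueError as err:  # reversed or malformed range
            findings.append(f"bad LAT entry {first}-{last}: {err}")
    lat_nets = list(ipaddress.collapse_addresses(lat_nets))
    ext = ipaddress.ip_address(external_ip)
    for net in lat_nets:
        # An external address in the LAT is treated as internal by ISA Server.
        if ext in net:
            findings.append(f"external adapter {ext} is inside LAT range {net}")
        if not any(net.subnet_of(p) for p in RFC1918):
            findings.append(f"LAT range {net} is not private space; confirm it is internal")
    # An internal subnet outside the LAT is handled as if it were external.
    for subnet in map(ipaddress.ip_network, internal_subnets):
        if not any(subnet.subnet_of(n) for n in lat_nets):
            findings.append(f"internal subnet {subnet} is missing from the LAT")
    return findings

def static_routes(routed_subnets, internal_router):
    """Persistent route commands for internal subnets behind an internal router."""
    cmds = []
    for net in map(ipaddress.ip_network, routed_subnets):
        cmds.append(f"route -p add {net.network_address} mask {net.netmask} {internal_router}")
    return cmds

# Constructed sample data: 10.2.0.0/16 sits behind a hypothetical internal router,
# and 203.0.113.0/24 (the external side) was added to the LAT by mistake.
SAMPLE_LAT = [("10.1.0.0", "10.1.255.255"), ("192.168.5.0", "192.168.5.255"),
              ("203.0.113.0", "203.0.113.255")]
SAMPLE_INTERNAL = ["10.1.0.0/16", "10.2.0.0/16", "192.168.5.0/24"]

if __name__ == "__main__":
    for finding in audit_lat(SAMPLE_LAT, SAMPLE_INTERNAL, "203.0.113.10"):
        print("FINDING:", finding)
    for cmd in static_routes(["10.2.0.0/16"], "10.1.0.254"):
        print(cmd)
```
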