STEP 5: Configuring the Internal Network Computers

  • Article

In this ISA Server 2004 Quick Start Guide, Internal network computers are set up as ISA Server SecureNAT clients. A SecureNAT client is a machine with a default gateway address set to an IP address of a network device that routes Internet-bound requests to the internal IP address of the ISA Server 2004 firewall.

When internal network computers are on the same network ID as the internal interface of the ISA Server 2004 firewall, the default gateway of the internal network computers is set as the internal IP address on the ISA Server 2004 firewall machine. This is how the DHCP scope on the DHCP server located on the ISA Server 2004 firewall is configured.

In this section, we configure internal network computers that are on the same network ID as the internal interface of the ISA Server 2004 firewall and clients that may be located on network IDs that are not on the same network ID. This latter configuration is more common on larger networks that have more than one network ID on the internal network.

Note

The “network ID” is part of the IP address. Network IDs are part of advanced TCP/IP networking concepts. Most small networks have only one Network ID and you do not need to be concerned about knowing your network ID. If you have a router anywhere behind the ISA Server 2004 computer, you need to understand network IDs. Please refer to the resources listed in the ISA Server 2004 Resources section for help with network IDs if you need more information on this issue.

Configuring Internal Clients as DHCP Clients

Internal network clients should be configured as DHCP clients. The DHCP client can request IP addressing information from a DHCP server. In this section, you will find out how to configure the Windows 2000 (Server or Professional) client as a DHCP client. The procedure is similar for all Windows-based clients. Perform the following steps to configure the internal network client and a DHCP client:

  1. Right click the My Network Places icon on the desktop and click the Properties option.
  2. In the Network Connections window, right click the external network interface and click the Properties option.
  3. In the network interface’s Properties dialog box, click the Internet Protocol (TCP/IP) entry and then click the Properties button.
  4. In the Internet Protocol (TCP/IP) Properties dialog box, select the Obtain an IP address automatically option.
    Cc302583.12e25ca7-bb5e-4812-9eed-2b428f045ea8(en-us,TechNet.10).gif
  5. Select the Use the following DNS server addresses option. Enter the IP address of the internal interface in the Preferred DNS server text box. Click OK in the Internet Protocol (TCP/IP) Properties dialog box.
  6. Click OK in the internal interface’s Properties dialog box.

Configuring DHCP Clients on Remote Internal Networks

DHCP clients on remote networks are computers that have a router (or layer 3 switch) separating them from the internal interface of the ISA Server 2004 firewall. DHCP clients on these remote networks are not able to contact the DHCP server located on the ISA Server 2004 firewall because DHCP messages can’t pass through routers by default. Most routers allow you to configure them to pass these DHCP requests using methods variously described as “IP Helper”, “BOOTP relay” or “DHCP relay”. Check your router’s documentation for detailed procedures on how to allow the DHCP requests from clients on remote networks to contact the internal interface of the ISA Server 2004 firewall computer. This is not an issue if you don’t have any routers on the Internal network.

[Topic Last Modified: 02/26/2008]