Configuring Internal Client Access to Internal Resources

Microsoft Internet Security and Acceleration (ISA) Server 2004 clients are computers located in networks protected by ISA Server. The clients go through the ISA Server computer to access resources in networks other than their own. ISA Server client requests for resources in the same local network should not go through ISA Server. The only exception is in a single network adapter environment, when ISA Server recognizes only the Internal network. The Internal network will be both the source and destination network in access rules. For more information, see Configuring ISA Server 2004 on a Computer with a Single Network Adapter at the Microsoft TechNet Web site.

This document provides an overview of ISA Server client types, and best practices you should follow when creating access rules to control internal traffic. It also discusses several alternative approaches to making internal resources available to internal clients, including internal server publishing, and setting up clients for direct access. This document includes the following sections:

  • Overview of ISA Server network design and how access rules should be configured to allow internal client access to internal resources.
  • Considerations for using publishing rules or access rules to allow clients to access internal resources. Tips on allowing both route and network address translation (NAT) relationships between network objects.
  • How to set up clients for direct access.

For a summary of ISA Server client types, see ISA Server Clients.