Setting up the default gateway for SecureNAT clients

Secure network address translation (SecureNAT) clients do not require specific software to be deployed on the client computers. However, you must configure your network topology for the Microsoft Internet Security and Acceleration (ISA) Server computer to protect the SecureNAT clients and ensure that their requests are serviced.

Specifically, the default gateway for the SecureNAT clients must be properly configured. When setting the default gateway property, identify which type of network topology you are configuring:

• Simple network. A simple network topology does not have any routers configured between the SecureNAT client and the ISA Server computer.

• Complex network. A complex network topology has one or more routers bridging multiple subnets that are configured between a SecureNAT client and the ISA Server computer.

Configuring SecureNAT clients on a simple network

To configure SecureNAT clients on a simple network, you should set the SecureNAT client's Internet Protocol (IP) default gateway settings to the IP address of the ISA Server computer's internal network address card. You can set this manually, using the TCP/IP settings on the client. (These settings can be by clicking the Network icon in Control Panel.) Alternatively, you can configure these settings automatically for the client using the DHCP service.

Configuring SecureNAT clients on a complex network

To configure SecureNAT clients on a complex network, you should set the default gateway settings to the last router in the chain between the SecureNAT client and the ISA Server computer. In this case, you do not have to change the default gateway settings for the SecureNAT clients.

Optimally, the router should use a default gateway that routes along the shortest path to the ISA Server computer. Also, the router should not be configured to discard packets destined for addresses outside the corporate network; ISA Server will determine how to route the packets.