![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Here at work we have a PIX 515e that we're looking to replace with an ISA 2006 server (which will be our only ISA server). So far I think I'm getting good handle on things, but I do have a question about how DNS functions with it. As it is we have several servers which have specific ports exposed to the outside world. These servers are used by people on the internet as well as people here in our office building and need to be running at least during all business hours (we have no night staff).
Because the servers pretty much *have* to be up a good portion of the day, we can't throw the ISA server in place of the PIX while we play with and test things... it pretty much has to be good to go when we drop it in. My solution was to plug a small SOHO router into our network and plug the WAN NIC of the ISA server into it and configure the WAN NIC to use a second DNS server that I've set up (which returns the external addresses of the servers). The LAN NIC went to our right to our LAN and used our standard LAN settings. Basically, I now have a network within a network for testing purposes and I should be able to test ISA and get it up and running before dropping it in it's final place.
The main issue I'm looking at is reverse link translation (ie. port forwarding). The main issue is when I use the Traffic Simulator for incoming connections (on the WAN NIC) it keeps checking the destination domain against the DNS listed in the LAN NIC... which of course always returns an internal address. If I set up a new A NAME on that DNS server to return an external address and try again, it all works fine. So... I know I'm setting up the link translation properly, the question is how do I get ISA to use the external DNS for the incoming connections on the WAN NIC and the internal DNS for the connections on the LAN NIC (instead of always using the LAN NICs DNS)?
... hopefully that all makes sense... I have a feeling I'll be clarifying quite a bit of it.
Because the servers pretty much *have* to be up a good portion of the day, we can't throw the ISA server in place of the PIX while we play with and test things... it pretty much has to be good to go when we drop it in. My solution was to plug a small SOHO router into our network and plug the WAN NIC of the ISA server into it and configure the WAN NIC to use a second DNS server that I've set up (which returns the external addresses of the servers). The LAN NIC went to our right to our LAN and used our standard LAN settings. Basically, I now have a network within a network for testing purposes and I should be able to test ISA and get it up and running before dropping it in it's final place.
The main issue I'm looking at is reverse link translation (ie. port forwarding). The main issue is when I use the Traffic Simulator for incoming connections (on the WAN NIC) it keeps checking the destination domain against the DNS listed in the LAN NIC... which of course always returns an internal address. If I set up a new A NAME on that DNS server to return an external address and try again, it all works fine. So... I know I'm setting up the link translation properly, the question is how do I get ISA to use the external DNS for the incoming connections on the WAN NIC and the internal DNS for the connections on the LAN NIC (instead of always using the LAN NICs DNS)?
... hopefully that all makes sense... I have a feeling I'll be clarifying quite a bit of it.