ASA front-end to ISA Server back-end configuration help

licenses
Level 1

I have a client that requires an ASA front-end firewall that will pass all traffic to an ISA Server sitting in front of the corporate LAN. There will also be a SPAM filter in the ASA DMZ accepting all email and passing it through ISA to the mail server. The last part of the configuration is they want to use the SSL VPN capabilities of the ASA to connect to the corporate LAN.

I have found numerous articles about setting this up from an ISA Server standpoint, but nothing on how to do this from the ASA side. Looking for configuration examples, dos and don'ts, anything that will help me get going.

Thanks,

1 Reply

Not applicable

You will need to define a new network to represent the subnet between the ASA and ISA (this is a traditional DMZ). This could be private or public; unless you have a lot of public IP addresses that you can subnet down, this network is likely to be a private network. The ASA will therefore NAT all inbound and outbound traffic to/from ISA. You can then either NAT or route traffic through ISA to the internal network.

The key thing to remember is that the ASA will need to have all the NAT entries to provide the correct traffic flow AND also you will need to define ACLs to allow different types of outbound access, primarily, this will be ISA though...

Have a look at the following articles which give you a good feel of a back-to-back setup:

http://www.isaserver.org/tutorials/Configuring-Domain-Members-Back-to-Back-ISA-Firewall-DMZ-Part1.html
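The layout described in the reply above, sketched as an ASA configuration fragment; this is an added example, not part of the original thread or a Cisco reference configuration. It assumes ASA software 8.3 or later (object NAT syntax) and a single perimeter subnet holding both the ISA external interface and the spam filter. All interface names, object names and addresses are constructed placeholders (203.0.113.0/24 is a documentation range).

```cisco
! Added example: every name and address below is a constructed placeholder.
! 203.0.113.0/24  = public side (documentation range)
! 192.168.50.0/24 = private perimeter subnet between the ASA and ISA
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
!
interface GigabitEthernet0/1
 nameif dmz
 security-level 50
 ip address 192.168.50.1 255.255.255.0
!
! ISA external interface: outbound traffic is PATed to the ASA outside address
object network ISA-EXTERNAL
 host 192.168.50.2
 nat (dmz,outside) dynamic interface
!
! Spam filter: one-to-one static NAT so inbound mail can reach it
object network SPAM-FILTER
 host 192.168.50.10
 nat (dmz,outside) static 203.0.113.10
!
! Inbound: only SMTP to the spam filter. With 8.3+ object NAT the ACL
! references the real (pre-NAT) address, hence the object name.
access-list OUTSIDE_IN extended permit tcp any object SPAM-FILTER eq smtp
access-group OUTSIDE_IN in interface outside
!
! Outbound: only ISA may initiate connections to the Internet; anything
! else on the perimeter subnet hits the implicit deny at the end of the ACL.
access-list DMZ_OUT extended permit ip object ISA-EXTERNAL any
access-group DMZ_OUT in interface dmz
!
route outside 0.0.0.0 0.0.0.0 203.0.113.1
```

The ASA never sees internal LAN addresses in this layout: ISA either NATs or routes the internal network behind 192.168.50.2, and if it routes, the ASA additionally needs a route for the internal subnet via that address plus matching NAT and ACL entries.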
