Back-to-back perimeter network configuration

In a back-to-back perimeter network configuration, two Microsoft Internet Security and Acceleration (ISA) Server computers are located on either side of the perimeter network (also known as a DMZ, demilitarized zone, or screened subnet). The figure illustrates a back-to-back perimeter network configuration.

In this configuration, the two ISA Server computers are connected to each other, with one connected to the Internet and the other to the local network. The perimeter network resides between the two servers. Both ISA Server computers are set up in integrated or firewall mode, which reduces the risk of compromise, because an attacker would have to break into both systems to reach the internal network.

Perform the following steps to make the servers on the perimeter network available to external (Internet) clients:

1. Configure the local address table (LAT) on the ISA Server computer that is connected to the corporate network (ISA Server computer 2) to include the Internet Protocol (IP) addresses of the computers in the corporate network. For more information, see Configuring the local address table.

2. Configure the LAT on the ISA Server computer connected to the Internet to include the IP address of the ISA Server connected to the corporate network and the IP addresses of all the publishing servers in the perimeter network.

3. Create a server publishing rule for each of the publishing servers on the perimeter network. To publish Web servers, create a Web publishing rule. For example, the figure illustrates a Telnet server and an Internet Information Services (IIS) server. To publish the Telnet server, create a server publishing rule with the following parameters:

   - Set the IP address of the internal server to the IP address of the IIS server. This address should be in the LAT.
   - Set the external IP address on the ISA Server computer. This is the address made available to external clients.
   - Set the protocol settings to Telnet Server.
   - Set the client to Any user, group, or client computer.

   For more information, see Server publishing rules and Web publishing rules.

4. To publish the IIS server, create a Web publishing rule with the following parameters:

   - Set the destination sets to a destination set that includes the external IP address of the ISA Server on the perimeter network.
   - Set the client type to Any user, group, or client computer.
   - Set the rule action to Redirect the request to a hosted site and specify the IP address or computer name of the publishing Web server.
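As an added example that is not part of the original page or of ISA Server itself, the following Python script models steps 1 to 3 above as a consistency check: it verifies that the Internet-side LAT contains the corporate-side ISA Server's address and every publishing server, and that each server publishing rule's internal address falls inside the LAT. All addresses, server names and rule entries are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses for illustration; nothing here comes from the page.
CORP_NET = ip_network("10.0.0.0/16")              # corporate (internal) network behind ISA 2
ISA2_PERIMETER_IP = ip_address("192.0.2.1")      # ISA 2's interface on the perimeter network
PUBLISHING_SERVERS = {                           # servers published from the perimeter network
    "telnet": ip_address("192.0.2.10"),
    "iis": ip_address("192.0.2.20"),
}

# Step 1: the LAT on ISA 2 (corporate side) holds the corporate network.
ISA2_LAT = [CORP_NET]
# Step 2: the LAT on ISA 1 (Internet side) holds ISA 2's address and every
# publishing server on the perimeter network, here as single-host entries.
ISA1_LAT = [ip_network(f"{ISA2_PERIMETER_IP}/32")] + [
    ip_network(f"{ip}/32") for ip in PUBLISHING_SERVERS.values()
]

# Step 3: server publishing rules on ISA 1; the second one is deliberately
# misconfigured (its internal address is not in the LAT) so the check fires.
SERVER_PUBLISHING_RULES = [
    {"name": "telnet", "internal_ip": "192.0.2.10", "protocol": "Telnet Server"},
    {"name": "stale-host", "internal_ip": "192.0.2.30", "protocol": "Telnet Server"},
]


def in_lat(lat, addr):
    """True if addr falls inside any LAT entry."""
    return any(addr in net for net in lat)


def missing_from_isa1_lat(lat, isa2_ip, publishing_servers):
    """Names of the addresses step 2 requires that are absent from ISA 1's LAT."""
    required = {"isa2": isa2_ip, **publishing_servers}
    return sorted(name for name, ip in required.items() if not in_lat(lat, ip))


def rules_with_internal_ip_outside_lat(lat, rules):
    """Names of server publishing rules whose internal address is not in the LAT (step 3)."""
    return [r["name"] for r in rules if not in_lat(lat, ip_address(r["internal_ip"]))]


if __name__ == "__main__":
    print("ISA 1 LAT missing:", missing_from_isa1_lat(ISA1_LAT, ISA2_PERIMETER_IP, PUBLISHING_SERVERS))
    print("rules outside LAT:", rules_with_internal_ip_outside_lat(ISA1_LAT, SERVER_PUBLISHING_RULES))
```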