ASA front-end to ISA Server back-end configuration help
I have a client that requires an ASA front-end firewall that will pass all traffic to an ISA Server setting in front of the corporate LAN. There will also be a SPAM filter in the ASA dmz accepting all email and passing it through ISA to the mail server. The last part of the configuration is they want to use the SSL VPN capabilities of the ASA to connect to the corporate LAN.
I have found numerous articles about setting this up from an ISA Server standpoint, but nothing on how to do this from the ASA side. Looking for configuration examples, dos and don'ts, anyhting that will help me get going.
Re: ASA front-end to ISA Server back-end configuration help
You will need to define a new network to represent the subnet between the ASA and ISA (this is a traditional DMZ). This could be private or public; unless you have a lot of public IP addresses that you can subnet down, this network is likely to be a private network. The ASA will therefore NAT all inbound and outbound traffic to/from ISA. You can then either NAT or route traffic through ISA to the internal network.
The key thing to remember is that the ASA will need to have all the NAT entries to provide the correct traffic flow AND also you will need to define ACLs to allow different types of outbound access, primarily, this will be ISA though...
Have a look at the following articles which give you a good feel of a back-to-back setup:
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...