Docstoc

Installing and Configuring ISA S

Document Sample
Installing and Configuring ISA S Powered By Docstoc
					ISA Server 2000 Exchange 2000/2003 Deployment Kit


Installing and Configuring ISA Server 2000 on Windows Server 2003


Installing ISA Server 200 on a Windows Server 2003 machine is a little different than how you do
it on a Windows 2000 machine. You need to perform the following procedures to get ISA Server
2000 to install correctly on a Windows Server 2003 machine:

       Install Windows Server 2003
       Install ISA Server 2000
       Install ISA Server Service Pack 1
       Install isahf255.exe
       Install Feature Pack 1

The remainder of this ISA Server 2000 Exchange Server 2000/2003 Deployment Kit document
discusses each of these steps in detail.



Install Windows Server 2003

In order to successfully install ISA Server 2000 in Integrated Mode on Windows Server 2003, the
machine should have the following characteristics:

       At least two network interfaces – one internal and one external
       DNS settings on network interfaces are correct
       Disable non-essential services

You need at least one internal and one external interface. The internal interface will be on the
Local Address Table (LAT) and it is not configured with a default gateway. The external interface
is never on the LAT. Only the external interface is configured with a default gateway address.
Windows Server 2003, like Windows 2000, allows one interface to have a default gateway. The
result is that ISA Server on Windows Server 2003 supports a single external interface or single
Internet interface. You can have multiple public address DMZ interfaces, but only a single
interface can connect the internal network to the Internet.

The DNS settings on the ISA Server interfaces must be correct. The preferred configuration is to
configure the internal interface of the ISA Server with the address of a DNS server on the internal
network that is capable of resolving Internet host names. You should also put the internal
interface on the top of the interface list because Windows Server 2003 uses the interface order to
determine which name server addresses to query first.




Installing and Configuring ISA Server 2000 on Windows Server 2003                          1
ISA Server 2000 Exchange 2000/2003 Deployment Kit



Perform the following steps to configure the interface order on the ISA Server computer:

    1. Click Start, point to Control Panel and right click on Network Connections. Click the
       Open command.

Figure 1




2                       Installing and Configuring ISA Server 2000 on Windows Server 2003
ISA Server 2000 Exchange 2000/2003 Deployment Kit


   2. In the Network Connections window, click the Advanced menu and then click the
      Advanced Settings command.

Figure 2




Installing and Configuring ISA Server 2000 on Windows Server 2003                3
ISA Server 2000 Exchange 2000/2003 Deployment Kit


    3. In the Advanced Settings dialog box, select the interface that represents the internal
       interface and click the up arrow to move the internal interface to the top of the interface
       list. Click OK in the Advanced Settings dialog box after making the changes.

Figure 3




Do not put both an internal DNS server and an external DNS server on the same interface. The
external DNS server will not be able to resolve internal network host names. Under certain
circumstances the Internet DNS server could be placed on the top of the DNS server list and this
can lead to the ISA Server not being able to communicate with the internal network domain
controllers and interfere with authentication.

All non-essential services should be disabled on the ISA Server computer. While each
implementation of ISA Server requires a customized set of services, it is safe to conclude that you
should not run the IIS W3SVC (the World Wide Web service) on the ISA Server firewall computer.
We also recommend that you do not use the Web browser or email client software on the ISA
Server firewall, as Web browsing and email clients are major vectors for virus and worm attacks.
A properly configured ISA Server firewall is very secure, but the addition of client applications can
have a significant negative impact on ISA Server security.




4                        Installing and Configuring ISA Server 2000 on Windows Server 2003
ISA Server 2000 Exchange 2000/2003 Deployment Kit


Install ISA Server 2000

Locate your ISA Server 2000 CD-ROM disk and put it into the CD-ROM drive or connect to a
network share containing the ISA Sever 2000 installation files. Perform the following steps to
install ISA Server on a Windows Server 2003 machine:

    1. Double click on the ISAAutorun.exe file on the ISA Server CD, local hard disk, or
       network share point.

Figure 4




Installing and Configuring ISA Server 2000 on Windows Server 2003                         5
ISA Server 2000 Exchange 2000/2003 Deployment Kit


    2. Click on the Install ISA Server link on the Internet Security & Acceleration Server
       2000 splash page.

Figure 5




6                      Installing and Configuring ISA Server 2000 on Windows Server 2003
ISA Server 2000 Exchange 2000/2003 Deployment Kit


   3. You will see an ISA 2000 dialog box informing that you need to install ISA 2000 Service
      Pack 1. Error messages will occur during the installation. Don’t be concerned about
      these errors as we will perform the required procedures to prevent them from becoming a
      problem. Click Continue.

Figure 6




Installing and Configuring ISA Server 2000 on Windows Server 2003                    7
ISA Server 2000 Exchange 2000/2003 Deployment Kit


    4. Click Continue on the Welcome to the Microsoft ISA Server installation program
       page.

Figure 7




8                     Installing and Configuring ISA Server 2000 on Windows Server 2003
ISA Server 2000 Exchange 2000/2003 Deployment Kit


   5. Enter your CD Key in the CD Key dialog box. Click OK.

Figure 8




Installing and Configuring ISA Server 2000 on Windows Server 2003   9
ISA Server 2000 Exchange 2000/2003 Deployment Kit


     6. Write down your Product ID as list in the Product ID dialog box. Click OK in the Product
        ID dialog box after writing this number down.
     7. Click I Agree in the Microsoft ISA Server Setup dialog box.

Figure 9




10                      Installing and Configuring ISA Server 2000 on Windows Server 2003
ISA Server 2000 Exchange 2000/2003 Deployment Kit


   8. Click the Full Installation button in the installation type dialog box. I am assuming you
      want to use all the features that ISA Server has to offer. You can use the Add/Remove
      Programs applet later if you want to remove some ISA Server features.

Figure 10




Installing and Configuring ISA Server 2000 on Windows Server 2003                        11
ISA Server 2000 Exchange 2000/2003 Deployment Kit


     9. In this example we are installing ISA Server in standalone mode, not in enterprise array
        mode. Click Yes in the dialog box that asks if you want to continue.

Figure 11




12                       Installing and Configuring ISA Server 2000 on Windows Server 2003
ISA Server 2000 Exchange 2000/2003 Deployment Kit


   10. Select the Integrated mode option on the Select the mode for this server page. You
       want to take advantage of the full power of your ISA Server firewall. Integrated mode
       gives you everything the Web Proxy and Firewall services have to offer. Go for it! Click
       Continue.

Figure 12




Installing and Configuring ISA Server 2000 on Windows Server 2003                        13
ISA Server 2000 Exchange 2000/2003 Deployment Kit


     11. On the Web cache page, select a drive to put the Web cache file on. The drive must be
         NTFS. Type in a size of the cache in the Cache size (MB) text box and then click the Set
         button. Then click OK.

Figure 13




14                       Installing and Configuring ISA Server 2000 on Windows Server 2003
ISA Server 2000 Exchange 2000/2003 Deployment Kit


   12. On the LAT page, click the Construct Table button. On the Local Address Table page,
       remove the checkmark in the Add the following private ranges checkbox. Put a
       checkmark in the Add address ranges based on the Windows 2000 Routing Table
       checkbox. Remove the checkmark from the checkbox representing the external interface,
       and leave the checkmark in the checkbox for the internal interface. Click OK in the Local
       Address Table dialog box, then click OK in the Setup Message dialog box that informs
       you that the LAT was contstructed based on the Windows 2000 routing table (in spite of
       the fact that you’re installing ISA Server on a Windows Server 2003 machine).

Figure 14




Installing and Configuring ISA Server 2000 on Windows Server 2003                       15
ISA Server 2000 Exchange 2000/2003 Deployment Kit


        13. Click OK on the LAT dialog box after reviewing the list listing in the Internal IP ranges
list.

Figure 15




16                          Installing and Configuring ISA Server 2000 on Windows Server 2003
ISA Server 2000 Exchange 2000/2003 Deployment Kit


   14. Unlike Windows 2000, Windows Server 2003 does not install IIS by default. You will see
       a dialog box telling you that you’ll have to install the SMTP service if you want to run the
       SMTP Message Screener. Click OK to continue.

Figure 16




Installing and Configuring ISA Server 2000 on Windows Server 2003                           17
ISA Server 2000 Exchange 2000/2003 Deployment Kit


     15. The ISA Server services are installed. You will see a warning balloon informing you that
         ISA 2000 will cause Windows to become unstable. Close the balloon, remove the
         checkmark from the Start ISA Server Getting Started Wizard checkbox, and then click
         OK in the Launch ISA Management Tools dialog box.

Figure 17




18                       Installing and Configuring ISA Server 2000 on Windows Server 2003
ISA Server 2000 Exchange 2000/2003 Deployment Kit


   16. Click OK in the dialog box that informs you that setup was completed.

Figure 18




Installing and Configuring ISA Server 2000 on Windows Server 2003              19
ISA Server 2000 Exchange 2000/2003 Deployment Kit


     17. Click OK in the dialog box that informs you that setup has failed to start one or more
         services.

Figure 19




Now you’re ready to install ISA Server Service Pack 1.




20                       Installing and Configuring ISA Server 2000 on Windows Server 2003
ISA Server 2000 Exchange 2000/2003 Deployment Kit


Install ISA Server Service Pack 1

The next step is to immediately install ISA Server Service Pack 1. You can get Service Pack 1 at
http://www.microsoft.com/isaserver/downloads/sp1.asp Download SP1. Download the Service
Pack to a machine on the internal network, scan it for viruses, then copy it to the ISA Server.
Perform the following steps after copying the service pack to the ISA Server:

    1. Double click on the isasp1.exe file. Type in a path to put the temporary files in the
       Choose Directory for Extracted Files dialog box. Click OK.

Figure 20




Installing and Configuring ISA Server 2000 on Windows Server 2003                          21
ISA Server 2000 Exchange 2000/2003 Deployment Kit


     2. Click I Agree in the End User License Agreement (EULA) dialog box.

Figure 21




22                     Installing and Configuring ISA Server 2000 on Windows Server 2003
ISA Server 2000 Exchange 2000/2003 Deployment Kit


    3. Click OK in the Microsoft ISA Server 2000 Update Setup dialog box. The computer will
       restart.

Figure 22




That’s all there is to installing ISA Server service pack 1.




Installing and Configuring ISA Server 2000 on Windows Server 2003                   23
ISA Server 2000 Exchange 2000/2003 Deployment Kit


Install HotFix isahf255.exe

Log onto the machine after the ISA Server service pack 1 installation routine restarts the
machine. There are a few hotfixes and updates you need to install on the Windows Server
2003/ISA Server machine to insure that everything works correctly. You can download the HotFix
pack, isahf255.exe at http://www.microsoft.com/downloads/details.aspx?familyid=77d89f87-
5205-4779-b1ab-fc338283b2d9&displaylang=en

Download the file to a machine on the internal network, scan it for viruses, and then copy it to the
ISA Server. Perform the following steps after copying the file to the ISA Server:

     1. Double click on the isahf255.exe file. Read the click I Agree in the ISA Server 2000 hot
        fix 255 (331062) dialog box. Type in a path for the temporary files in the Choose
        Directory for Extracted Files dialog box, then click OK.

Figure 23




24                       Installing and Configuring ISA Server 2000 on Windows Server 2003
ISA Server 2000 Exchange 2000/2003 Deployment Kit


    2. Click I Agree in the EULA dialog box.
    3. Click OK in the Microsoft ISA Server 2000 Update Setup dialog box that informs you
       that the update was successful applied.

Figure 24




Note that you do not need to restart the server. The next step is to install Feature Pack 1.




Installing and Configuring ISA Server 2000 on Windows Server 2003                              25
ISA Server 2000 Exchange 2000/2003 Deployment Kit


Install Feature Pack 1

Feature Pack 1 (FP1) is not required. You don’t have to install ISA Server Feature Pack 1 on the
Windows Server 2003/ISA Server machine to get ISA Server 2000 working correctly. However, I
do highly recommend that you install ISA Server Feature Pack 1 because it adds a several new
and useful features. You can download ISA Server Feature Pack 1 at
http://www.microsoft.com/downloads/details.aspx?FamilyID=2f92b02c-ac49-44df-af6c-
5be084b345f9&DisplayLang=en

Download the feature pack to a machine on the internal network and scan it for viruses. Then
copy the file to the ISA Server and perform the following steps:

     1. Double click on the isaftp1.exe file. Type in a path for the extracted files in the Choose
        Directory For Extracted Files dialog box.

Figure 25




     2. Click I Agree in the Feature Pack 1 EULA dialog box.
     3. Click OK in the Microsoft ISA Server 2000 Feature Pack 1 dialog box. Leave the
        checkmark in the Read about ISA Server Feature Pack 1 checkbox to learn more about
        what you get with Feature Pack 1.




26                       Installing and Configuring ISA Server 2000 on Windows Server 2003

				
DOCUMENT INFO