Module 3: Enabling Access to Internet Resources
Overview
ISA Server 2004 as a Proxy Server
Configuring Multi-Networking on ISA Server
Configuring Access Rule Elements
Configuring Access Rules for Internet Access
Lesson: ISA Server 2004 as a Proxy Server
How ISA Server Enables Secure Access to Internet Resources
Why Use a Proxy Server?
How Does a Forward Web Proxy Server Work?
What Is a Reverse Web Proxy Server?
How to Configure ISA Server as a Proxy Server
DNS Configuration for Internet Access
How to Configure Web Chaining
How to Configure Dial-Up Connections
How ISA Server Enables Secure Access to Internet Resources
[Diagram labels: ISA Server, Web Server, Proxy Server]
Is the …
User allowed access?
Computer allowed access?
Protocol allowed?
Destination allowed?
Content allowed?
Why Use a Proxy Server?
Improved Internet access security:
  User authentication
  Filtering client requests
  Content inspection
  Logging user access
  Hiding the internal network details
Improved Internet access performance
[Diagram labels: ISA Server, Web Server]
How Does a Forward Web Proxy Server Work?
[Diagram: ISA Server, Web Server; numbered steps 1 to 6]
Is the …
User allowed access?
Protocol allowed?
Destination allowed?
What Is a Reverse Web Proxy Server?
[Diagram: Web Server, DNS Server, ISA Server; numbered steps 1 to 6]
Is the …
Request allowed?
Protocol allowed?
Destination allowed?
How to Configure ISA Server as a Proxy Server
DNS Configuration for Internet Access
Configure ISA Server clients to use an internal DNS server if the DNS server can resolve Internet addresses
If no internal DNS server is available to resolve Internet addresses, configure the ISA Server clients to use an Internet DNS server
ISA Server includes a DNS cache that caches the results of all DNS lookups performed through ISA Server
ISA Server can proxy DNS requests for Web proxy and Firewall clients but not for SecureNAT clients
How to Configure Web Chaining
[Diagram labels: Head Office, Branch Office, Internet]
How to Configure Dial-Up Connections
Enable dial-up for connections to this network
Logon using this account
Use this dial-up connection
Practice: Configuring ISA Server as a Web Proxy Server
Configuring the proxy server settings on ISA Server
[Diagram labels: Internet, Den-ISA-01, Den-DC-01]
Lesson: Configuring Multi-Networking on ISA Server
How Does ISA Server 2004 Support Multiple Networks?
Default Networks Enabled in ISA Server
About Network Objects
How to Create and Modify Network Objects
What Are Network Rules?
How Does ISA Server 2004 Support Multiple Networks?
Support any Number of Networks
VPN Networks Represented as Networks
Dynamic Network Membership
Per Network Rules
Per Network Policies
Network Sets
[Diagram labels: Internet, LAN1, LAN2, VPN, Perimeter1, Perimeter2]
Default Networks Enabled in ISA Server
Default Network | Includes
Local Host | The ISA Server
Default External | All IP addresses not associated with another network
Internal | All IP addresses specified as internal during installation
VPN Clients | All IP addresses for currently connected VPN clients
Quarantined VPN Clients | All IP addresses of connected VPN clients that have not cleared quarantine
About Network Objects
Network Object | Includes
Network | All computers connected to a single network interface
Network Set | One or more networks
Computer | A single computer identified by an IP address
Computer Set | All computers included in specified computer, subnet or address range objects
Address Range | All computers identified by continuous IP addresses
Subnet | All computers on a specified subnet
URL Set | All specified URLs
Domain Name Set | All specified domain names
Web Listener | The IP address on which the ISA Server listens for connections
How to Create and Modify Network Objects
Click Firewall Policy, Toolbox, then Network Objects
Click Networks, then Networks or Network Sets
What Are Network Rules?
NAT connection:
  A NAT relationship is directional
  Addresses from the source network are always translated when passing through ISA Server
Route connection:
  A route relationship is bidirectional
  If a routed relationship is defined from network A to network B, a routed relationship also exists from network B to network A
Practice: Managing Network Objects
Configuring a new network on ISA Server
Configuring a new network rule on ISA Server
Configuring a new computer network object on ISA Server
[Diagram labels: Internet, Den-ISA-01, Den-DC-01]
Lesson: Configuring Access Rule Elements
What Are Access Rule Elements?
How to Configure Protocol Elements
How to Configure User Elements
How to Configure Content Type Elements
How to Configure Schedule Elements
How to Configure Domain Name Sets and URL Sets
What Are Access Rule Elements?
Access Rule Element | Used to Configure
Protocols | The protocols that will be allowed or denied by an access rule
Users | The users that will be allowed or denied by an access rule
Content Types | The content type that will be allowed or denied by an access rule
Schedules | The time of day when Internet access will be allowed or denied by an access rule
Network Objects | The computers or destinations that will be allowed or denied by an access rule
How to Configure Protocol Elements
How to Configure User Elements
How to Configure Content Type Elements
Define the MIME types and file extensions to include
How to Configure Schedule Elements
Define the times when this schedule is active or inactive