Hi

First of all my apologies for cross posting, but this covers many issues that I do not think may be possible to cover in a single post. If I have underestimated the skills in the community, again my apologies.

I have a major redesign of our network to undertake - without impinging on the business operation. I can't really do a weekend as we are a 24/7 operation.

I need to move from 1 scenario to another and am looking for the best way of doing it - these follow.

Current Scenario -
Externally managed Linux Server with 3 ADSL lines acting as Gateway/DHCP Server/Firewall/VPN Server (OpenVPN)/File Server
Windows 2K3 R2 servers managing DNS/Active Directory/Exchange (including external RPC over HTTP access)/File & Print Services.

Future Scenario - Everything managed in a Windows 2K3 R2 environment with a leased line, intersite VPN (have office in London & Doncaster) and a firewall with a DMZ for an Application Web Server running on Red Hat Enterprise (which I can't change as it was in place when I arrived).

I already have the leased line in place (but not yet used) and have purchased ISA Server 2006. My issues are:

1) How do I move DHCP to Windows without interrupting Internet access for the main site?
2) Will this affect VPN access, both individual and intersite?
3) I need to change the gateway for the main site to the leased line while (for the present) leaving VPN access through the Linux box. This will utilise ISA Server, which will eventually handle all firewall operations. What is the best way to achieve this?
4) Anything else I need to be aware of?

When all this is complete I will then de-commission the Linux gateway/server and have everything handled internally.

Sorry for the length but this is (for me) a complex project I need to do in a short space of time.

Thanks in advance

TJ.

Guest Phillip Windell

Re: Change from Linux to Windows.

"TJ" <nomail@not.here.com.de.nz> wrote in message news:uG5j59TsIHA.3780@TK2MSFTNGP03.phx.gbl...

> ....... and have purchased ISA Server 2006.

Excellent choice for a Firewall.

> 1) How do I move DHCP to Windows without interrupting Internet access for the main site?

a. Configure/Prepare the Windows DHCP,...but do not "authorize" it.
b. Disable the DHCP on the Linux box.
c. "Authorize" the Windows DHCP Service and "activate" the Scope(s).
d. Never enable the DHCP on the Linux box again or they will clash.
e. You "might" have to do a forced Renew/Refresh with IPConfig on the Clients. You should not really have to,...but we live in an imperfect world.

> 2) Will this affect VPN access, both individual and intersite?

.......Assuming the Lease Line is for Internet Access and assuming it will be eliminating/replacing the former DSL lines,....continued....

> 3) I need to change the gateway for the main site to the leased line while (for the present) leaving VPN access through the Linux box. This will utilise ISA Server, which will eventually handle all firewall operations. What is the best way to achieve this?

Install ISA and get it working. ISA does *not* have to be the Default Gateway of anything for it to work. ISA only needs to be the Default Gateway (or be in the Routing Path to the Internet) for SecureNAT Clients. Set up the LAN to use Proxy Auto-detection via WPAD. Just google "WPAD" and limit the domain to either "microsoft.com" or "isaserver.org".

You can use both ISA and the Linux system for VPN at the same time during the transition. The only thing that can't run at the same time is the DHCP. Everything else can co-exist.

WPAD does not cover SecureNAT Clients. They are done manually.

> 4) Anything else I need to be aware of?
>
> When all this is complete I will then de-commission the Linux gateway/server and have everything handled internally.
> Sorry for the length but this is (for me) a complex project I need to do in a short space of time

You are going to be running both the ISA and old firewall VPN system at the same time for a while.

I can't really answer anything more specific without something more specific to answer.

--
Phillip Windell
http://www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats.

-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
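
One way to verify during the cutover that only the newly authorized DHCP server is answering (steps b to d above) is to check the server identifier in the DHCP replies seen on the LAN. This is an added example, not part of the original posts; the addresses and function names are constructed, and it assumes the UDP payloads of server replies have already been captured.

```python
import ipaddress

MAGIC_COOKIE = bytes([0x63, 0x82, 0x53, 0x63])
OFFER, ACK = 2, 5                      # option 53 values sent by servers
OPT_MSG_TYPE, OPT_SERVER_ID = 53, 54

def parse_reply(payload):
    """Return (message type, server identifier) from a DHCP server reply."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a BOOTREPLY carrying DHCP options")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        if payload[i] == 0:                            # 0 = pad, no length byte
            i += 1
            continue
        length = payload[i + 1:i + 2]
        value = payload[i + 2:i + 2 + length[0]] if length else b""
        if not length or len(value) != length[0]:
            raise ValueError("truncated DHCP option")
        opts[payload[i]] = value
        i += 2 + length[0]
    if len(opts.get(OPT_MSG_TYPE, b"")) != 1 or len(opts.get(OPT_SERVER_ID, b"")) != 4:
        raise ValueError("reply lacks message type or server identifier")
    return opts[OPT_MSG_TYPE][0], str(ipaddress.IPv4Address(opts[OPT_SERVER_ID]))

def unexpected_servers(payloads, authorized):
    """Server identifiers seen in OFFER/ACK replies that are not authorized."""
    seen = set()
    for p in payloads:
        msg_type, server = parse_reply(p)
        if msg_type in (OFFER, ACK) and server not in authorized:
            seen.add(server)
    return sorted(seen)

def sample_reply(msg_type, server_ip):
    """Constructed reply for the demo: 236-byte header, cookie, options."""
    header = bytes([2, 1, 6, 0]) + bytes(232)          # op=BOOTREPLY, Ethernet
    opts = bytes([OPT_MSG_TYPE, 1, msg_type, 0,        # includes one pad byte
                  OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_ip).packed
    return header + MAGIC_COOKIE + opts + b"\xff"

# Constructed addresses: 192.0.2.10 = new Windows DHCP, 192.0.2.1 = old Linux box.
CAPTURE = [sample_reply(OFFER, "192.0.2.10"), sample_reply(OFFER, "192.0.2.1"),
           sample_reply(ACK, "192.0.2.10")]

if __name__ == "__main__":
    print(unexpected_servers(CAPTURE, authorized={"192.0.2.10"}))
```

An empty result after the Linux DHCP service is disabled means no second server is still handing out leases.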


Re: Change from Linux to Windows.

Thank you Phillip, this is exactly what I was looking for.
Thanks again
Tony
