Configuring ISA Server Dial-up Connections.
Using ISA over a dial-up connection is fraught with pitfalls, mainly because the dial-up connection is fundamentally different from a permanent connection.
There are dynamic IP's complete with dynamic gateways, PPPoE and the normal translation of Ethernet traffic to modem traffic. All of these things come together to make using ISA difficult in this scenario. Add to those the inability to use more than one external IP address in a dial-up connectoid (dial-up, not ISA limitation), and you have the makings for some real frustration.
Fortunately, there are methods to the madness. We can help ISA understand what it is dealing with on the public side and make ISA installation and operation go much smoother.
I'll take you through a simplified setup of your server with some explanations for each step and how it relates to the other settings we make.
We start with some basic assumptions and terminology definitions:
· You have at your disposal, an ISA server with a properly set up modem and a NIC for the internal network.
· You have access to a DNS server (internal or external) that can resolve Internet names. Your internal network needs some method of resolving Internet names.
· You already have the required IP settings for your internal NIC and the dial-up connectoid. Typically, static IP assignments are nearly impossible to get for telephone modem dial-ups, so you'll have to use the instructions for "Using dynamic IP's on the Internet Connection".
· ISDN dial-ups may also require using the dynamic IP instructions, depending on your ISP policies.
· You have some basic knowledge of Windows 2000 networking. I make the distinction because W2K networking is somewhat changed from NT4 / W9x.
Bear in mind that if you must use a dynamic IP in the dial-up connectoid, web publishing becomes problematic and server publishing effectively becomes impossible because publishing requires specific IP information that changes in a dynamic IP environment.
Creating the Dial-up Connectoid
The first thing we want to do is to create the dial-up connectoid.
1. Right-click on My Network Places and select Properties to get the following display:
2. Double-click Make New Connection. You'll be presented with the following window
3. Click Next to see the Network Connection Type window
4. Select Dial-up to the Internet and Click Next to see the following window
5. Make the selection shown above. This will allow us to customize the settings for the new connectoid. Click Next to see the next pane
6. Make the selection shown and click Next
7. Enter the ISP area code and number in the fields provided. Choose your country code, too. The Advanced button allows you to enter IP settings for this connectoid, but we'll do that later because we have options available later that we don't have now.
8. Click Next to access the account logon information pane. Enter your information here.
9. Click Next to enter a name for the new connectoid. You can use the default, or change it as you choose.
10. Click Next to see the Internet mail account pane. We're not dealing with that here, so select No.
11. Click Next to see the Completing the Internet Connection Wizard
12. Unselect To connect:. We don't want to start a dial-up session until we're sure the settings are correct. Click Finish to close the wizard.
Configuring The Connectoid
The next thing we need to do is to configure some of the optional settings in the connectoid. Essentially, we're locking down this interface to assist ISA with its security model
1. Right-click the new connectoid and select Properties to see the following pane
2. Select the Networking tab. Notice that the File and Printer Sharing and Client for Microsoft Networking are disabled by default. This is a good thing and we want to leave them that way.
3. Select Internet Protocol (TCP/IP) and click the Properties button to get the following display. If you have been able to obtain a static IP assignment (unlikely if you're using a telephone modem), enter it and the DNS server data where indicated. If you get your IP assigned during each connection, skip to step 4.
4. Click the Advanced button to display some more control options as shown below. Unless your ISP indicated otherwise, leave the following settings alone.
5. Click the DNS tab and unselect the Register this connection's address in DNS. There aren't many ISP's that allow dial-up clients to modify their DNS records.
6. Click on the WINS tab and unselect Enable LMHOSTS lookup. You won't be making any NetBIOS connections through this interface, so this option just wastes name resolution time.
7. Click OK and you'll be presented with the following warning.
8. Click Yes, since we don't want to use WINS in the Internet
9. Click OK' o close out the connectoid settings
Double-click the connectoid and allow it to connect to your ISP. If the test succeeds, continue with installing ISA!