Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation.

Address translation rules and policy rules in a multi-networked environment in ISA Server 2004



Introduction

ISA Server 2004 uses a multi-networking model to control the way that traffic flows between networks that are internal to your organization and the way that traffic flows between internal and external networks. You create network rules to specify whether networks are allowed to connect and to define the relationship between them.

A Network Address Translation (NAT) relationship is usually configured for communication between trusted and untrusted networks. NAT helps to protect the source IP address of a request by replacing it with the IP address of the adapter on the ISA Server computer that is connected to the destination network. A NAT relationship is unidirectional. For example, if you create a NAT relationship from the internal network to the perimeter network, traffic that is returned from the perimeter network to the internal network is not translated.

A route relationship is used when more transparent communication between networks is acceptable and IP addresses may be exposed. A route relationship is bidirectional. Therefore, defining a route relationship between the internal network and a perimeter network implicitly defines the same relationship from the perimeter network to the internal network.
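
The following sketch is an added example, not code from the original article or from ISA Server: a simplified Python model of the NAT and route relationships described above, showing which source address a destination host observes in each direction. The network names, address ranges, adapter addresses, and function names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample topology (names and addresses are assumptions).
NETWORKS = {
    "Internal": ip_network("10.0.0.0/24"),
    "Perimeter": ip_network("172.16.0.0/24"),
    "Lab": ip_network("192.168.50.0/24"),
}
# Address of the firewall adapter attached to each network (constructed).
ADAPTERS = {"Internal": "10.0.0.1", "Perimeter": "172.16.0.1", "Lab": "192.168.50.1"}

@dataclass(frozen=True)
class NetworkRule:
    source: str
    destination: str
    relationship: str  # "nat" (unidirectional) or "route" (bidirectional)

RULES = [
    NetworkRule("Internal", "Perimeter", "nat"),
    NetworkRule("Internal", "Lab", "route"),
]

def network_of(addr):
    """Return the name of the network that contains addr, or None."""
    ip = ip_address(addr)
    for name, net in NETWORKS.items():
        if ip in net:
            return name
    return None

def source_seen_by_destination(src, dst, rules=RULES):
    """Source address the destination observes; None if no rule connects the networks."""
    s, d = network_of(src), network_of(dst)
    for r in rules:
        forward = (r.source, r.destination) == (s, d)
        reverse = (r.destination, r.source) == (s, d)
        if r.relationship == "nat" and forward:
            return ADAPTERS[d]  # replaced by the adapter on the destination network
        if (r.relationship == "nat" and reverse) or (r.relationship == "route" and (forward or reverse)):
            return src  # not translated: the real source address is exposed
    return None

if __name__ == "__main__":
    print(source_seen_by_destination("10.0.0.25", "172.16.0.10"))   # NAT, forward
    print(source_seen_by_destination("172.16.0.10", "10.0.0.25"))   # NAT, reverse
    print(source_seen_by_destination("192.168.50.7", "10.0.0.25"))  # route, reverse
    print(source_seen_by_destination("172.16.0.10", "192.168.50.7"))  # no rule
```

Running the same check over a planned rule set shows which network pairs expose real source addresses to each other before the rules are created.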

Besides network rules, you create access rules to determine how clients on a source network can access resources on a destination network and to determine how such traffic is filtered and inspected.

Publishing rules usually specify how clients from external networks can access internal resources. When you configure internal client access to resources that are located on a different internal network, you may use access rules. Alternatively, you may sometimes use server publishing rules.



References

For more information, visit the following Microsoft TechNet Web sites:

Configuring Internal Client Access to Internal Resources in ISA Server 2004
http://www.microsoft.com/technet/isa/2004/plan/internalclientaccess.mspx

Best Practices for Configuring Networks in ISA Server 2004
http://www.microsoft.com/technet/isa/2004/plan/bp_networks.mspx

Troubleshooting Network Configuration in ISA Server 2004
http://www.microsoft.com/technet/isa/2004/plan/ts_networks.mspx



Keywords: KB838362, kbinfo, kbfirewall


Article Info
Article ID : 838362
Revision : 5
Created on : 12/4/2007
Published on : 12/4/2007