Microsoft 2004 User Manual
ISA Server 2004 Configuration Guide
5
The ISA Server 2004 Configuration Guide Lab
Configuration
Configuration
We will use a lab network configuration to demonstrate the capabilities and features of ISA
Server 2004 in this ISA Server 2004 Configuration Guide. We recommend that you set up a
test lab with a similar configuration. If you do not have the resources to create a physical test
lab, you can use operating system virtualization software to create the test lab. We
recommend that you use Microsoft’s Virtual PC software to create your test lab. You can find
more information about Virtual PC at
Server 2004 in this ISA Server 2004 Configuration Guide. We recommend that you set up a
test lab with a similar configuration. If you do not have the resources to create a physical test
lab, you can use operating system virtualization software to create the test lab. We
recommend that you use Microsoft’s Virtual PC software to create your test lab. You can find
more information about Virtual PC at
In this section we will review the following:
• The ISA Server 2004 Configuration Guide network
• Installing Windows Server 2003 on the domain controller machine and then promoting the
• Installing Windows Server 2003 on the domain controller machine and then promoting the
machine to a domain controller
• Installing Exchange Server 2003 on the domain controller and configuring the Outlook
Web Access site to use Basic authentication
ISA Server 2004 Configuration Guide Network Diagram
The figure below depicts the lab network. There are 7 computers on the lab network.
However, none of the scenarios we will work with in this ISA Server 2004 Configuration
Guide requires all the machines to be running at the same time. This will make it easier for
you to use operating system virtualization software to run your lab network.
However, none of the scenarios we will work with in this ISA Server 2004 Configuration
Guide requires all the machines to be running at the same time. This will make it easier for
you to use operating system virtualization software to run your lab network.
The network has a local network and a remote network. There is an ISA Server 2004 firewall
at the edge of the local and remote networks. All the machines on the local network are
members of the msfirewall.org domain, including the ISA Server 2004 firewall machine. No
other machines on the lab network are members of the domain.
at the edge of the local and remote networks. All the machines on the local network are
members of the msfirewall.org domain, including the ISA Server 2004 firewall machine. No
other machines on the lab network are members of the domain.
On our lab network, the external interfaces of the ISA Server 2004 firewalls connect to the
production network, which allows them access to the Internet. You should create a similar
configuration so that you can test actual Internet connectivity for the clients behind the ISA
Server 2004 firewalls.
production network, which allows them access to the Internet. You should create a similar
configuration so that you can test actual Internet connectivity for the clients behind the ISA
Server 2004 firewalls.
If you are using operating system virtualization software, then you should note that there are
three virtual networks in this lab setup. The Internal network (which contains the domain
controller) is on a virtual network, the TRIHOMELAN1 machine on a perimeter network is on
another virtual network, and the REMOTECLIENT machine is on a third virtual network.
Make sure you separate these virtual networks by placing the machines on different virtual
switches so as to prevent Ethernet broadcast traffic from causing unusual results.
three virtual networks in this lab setup. The Internal network (which contains the domain
controller) is on a virtual network, the TRIHOMELAN1 machine on a perimeter network is on
another virtual network, and the REMOTECLIENT machine is on a third virtual network.
Make sure you separate these virtual networks by placing the machines on different virtual
switches so as to prevent Ethernet broadcast traffic from causing unusual results.