Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or production
(collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from
the Work.
There is no guarantee of any kind, expressed or implied, regarding the Work or its contents.The Work is sold
AS IS and WITHOUT WARRANTY.You may have other legal rights, which vary from state to state.
In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other inci-
dental or consequential damages arising out from the Work or its contents. Because some states do not allow
the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not
apply to you.
You should always use reasonable case, including backup and other appropriate precautions, when working
with computers, networks, data, and files.
Syngress Media® and Syngress® are registered trademarks of Syngress Media, Inc.“Career Advancement Through
Skill Enhancement®,”“Ask the Author™,”“Ask the Author UPDATE™,”“Mission Critical™,” and “Hack
Proofing™” are trademarks of Syngress Publishing, Inc. Brands and product names mentioned in this book are
trademarks or service marks of their respective companies.
KEY SERIAL NUMBER
001 NANFA94U53
002 MA3AEJDRF9
003 MKEA9UU2Q4
004 KT95QJFD95
005 ZPERJ7AT54
006 EK3ATZLCPE
007 5J6EMVCDAP
008 45SEJT9HSB
009 LDMA349F2G
010 XCFT678KM3
PUBLISHED BY
Syngress Publishing, Inc.
800 Hingham Street
Rockland, MA 02370
Configuring ISA Server 2000: Building Firewalls for Windows 2000
Copyright © 2001 by Syngress Publishing, Inc. All rights reserved. Printed in the United States of America.
Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or dis-
tributed in any form or by any means, or stored in a database or retrieval system, without the prior written
permission of the publisher, with the exception that the program listings may be entered, stored, and executed
in a computer system, but they may not be reproduced for publication.
Printed in the United States of America
1 2 3 4 5 6 7 8 9 0
ISBN: 1-928994-29-6
Technical edit by: Martin Grasdal Copy edit by: Darlene Bordwell
Co-Publisher: Richard Kristof Index by: Jennifer Coker
Project Editor: Maribeth Corona-Evans Page Layout and Art by: Shannon Tozier
Distributed by Publishers Group West
132_ISA_FM 4/2/01 4:29 PM Page iv
v
Acknowledgments
We would like to acknowledge the following people for their kindness and support
in making this book possible.
Richard Kristof and Duncan Anderson of Global Knowledge, for their generous
access to the IT industry’s best courses, instructors and training facilities.
Ralph Troupe, Rhonda St. John, and the team at Callisma for their invaluable insight
into the challenges of designing, deploying and supporting world-class enterprise
networks.
Karen Cross, Lance Tilford, Meaghan Cunningham, Kim Wylie, Harry Kirchner, Bill
Richter, Kevin Votel, and Brittin Clark of Publishers Group West for sharing their
incredible marketing experience and expertise.
Mary Ging, Caroline Hird, Simon Beale, Caroline Wheeler,Victoria Fuller, Jonathan
Bunkell, and Klaus Beran of Harcourt International for making certain that our
vision remains worldwide in scope.
Anneke Baeten, Annabel Dent, and Laurie Giles of Harcourt Australia for all
their help.
David Buckland,Wendi Wong, Daniel Loh, Marie Chieng, Lucy Chong, Leslie Lim,
Audrey Gan, and Joseph Chan of Transquest Publishers for the enthusiasm with
which they receive our books.
Kwon Sung June at Acorn Publishing for his support.
Ethan Atkin at Cranbury International for his help in expanding the Syngress
program.
Joe Pisco, Helen Moyer, and the great folks at InterCity Press for all their help.
v
132_ISA_FM 4/2/01 4:29 PM Page v
132_ISA_FM 4/2/01 4:29 PM Page vi
vii
From Deb and Tom Shinder,
Authors
As always, writing a book is a complex undertaking that involves many people in
addition to the authors.This book was, in many ways, a special challenge.We were
working with a brand new product, with new features, quirks, and—dare we say—a
few bugs that had to be stepped on along the way.
A lot of blood, sweat, and tears (not to mention gallons and gallons of caffeine)
went into the making of this book. Our goal was to create the definitive guide to
Microsoft’s ISA Server, a reference that can be consulted by network professionals as
they roll out ISA on their production networks, a supplement to the formal study
guides used by MCP/MCSE candidates in preparation for Exam 70-227, and an
“interpreter” for those who find the sometimes overly technical jargon in the
Microsoft documentation difficult to understand. It also serves as a record of our
ongoing saga of discovery, frustration, confusion, and triumph as we worked with the
product and struggled to master its intricacies.
There are many who contributed to the cause, without whose help the book could
not have been written.We especially want to recognize and thank the following:
Martin Grasdal, of Brainbuzz.com, our technical editor. Although we moaned and
groaned and cursed his name each time we received our chapters back with his many
suggestions for wonderful improvements that would take days of work and add
dozens of pages, the book would not be half as good (and perhaps not half as long)
without his much-appreciated input.
Stephen Chetcuti, of isaserver.org, who provided encouragement, enthusiasm, and
a forum in which we were able to promote both the product and this book, and get
to know other ISA Server enthusiasts from all over the world.
Joern Wettern, of Wettern Network Solutions and Technical Lead in developing
the Microsoft Official Curriculum for Course 2159A, Deploying and Managing
Microsoft ISA Server 2000, who provided invaluable help and served as the “official
word” on those perplexing questions that did not seem to have an answer.
132_ISA_FM 4/2/01 4:29 PM Page vii
viii
Sean McCormick, of Brainbuzz.com, technical consultant/writer/Chief
Executive Flunkie (CEF) and friend, who provided emotional and psychological sup-
port through the dark days (and nights!) when it seemed we might still be working
on this book at the turn of the next century.
We also must thank literally dozens of participants in the Microsoft public ISA
Server newsgroup and the discussion mailing list and message boards sponsored by
isaserver.org. In particular, our gratitude goes to: Rob Macleod, Nathan Mercer, Jason
Rigsbee,Trevor Miller, Slav Pidgorny (MVP), Ellis M. George, Jake Phuoc Trong Ha,
Terry Poperszky,Vic S. Shahid,Tim Laird, Nathan Obert,Thomas Lee, John Munyan,
Wes Noonan, Allistah, Eric Watkins, Rick Hardy,Tone Jarvis, Dean Wheeler, Stefan
Heck, Charles Ferreira, Phillip Lyle, Sandro Gauci, Jim Wiggins, Regan Murphy,
Nick Galea, Ronald Beekelaar, Russell Mangel, Hugo Caye, and Jeff Tabian. Our
apologies for anyone we may have inadvertently left out.
All of the above were instrumental in the development of this book, but any
errors or omissions lie solely on the heads of the authors.We have tried hard to make
this manuscript as mistake-free as possible, but human nature being what it is, perfec-
tion is hard to achieve.
We want to send a very special message of thanks to Maribeth Corona-Evans,
our editor. Her patience and understanding in the face of our weeping and wailing
and gnashing of teeth has earned her a permanent place in our hearts.
And finally, to Andrew Williams, our publisher, whose e-mail queries regarding
when the final chapters were going to be finished demonstrated the utmost in tact
and diplomacy—even if undeserved on our part.
Dr.Thomas W. Shinder
Debra Littlejohn Shinder
132_ISA_FM 4/2/01 4:29 PM Page viii
ix
Contributors
Thomas Shinder, M.D. (MCSE, MCP+I, MCT) is a technology
trainer and consultant in the Dallas-Ft.Worth metroplex. He has con-
sulted with major firms, including Xerox, Lucent Technologies, and FINA
Oil, assisting in the development and implementation of IP-based com-
munications strategies.Tom is a Windows 2000 editor for Brainbuzz.com
and a Windows 2000 columnist for Swynk.com.
Tom attended medical school at the University of Illinois in Chicago
and trained in neurology at the Oregon Health Sciences Center in
Portland, Oregon. His fascination with interneuronal communication ulti-
mately melded with his interest in internetworking and led him to focus
on systems engineering.Tom and his wife, Debra Littlejohn Shinder,
design elegant and cost-efficient solutions for small- and medium-sized
businesses based on Windows NT/2000 platforms.Tom has contributed
to several Syngress titles, including Configuring Windows 2000 Server
Security (ISBN: 1-928994-02-4) and Managing Windows 2000 Network
Services (ISBN: 1-928994-06-7), and is the co-author of Troubleshooting
Windows 2000 TCP/IP (1-928994-11-3).
Debra Littlejohn Shinder (MCSE, MCT, MCP+I), is an independent
technology trainer, author, and consultant who works in conjunction with
her husband, Dr.Thomas Shinder, in the Dallas-Ft.Worth area. She has
been an instructor in the Dallas County Community College District
since 1992 and is the Webmaster for the cities of Seagoville and
Sunnyvale,Texas.
Deb is a featured Windows 2000 columnist for Brainbuzz.com and a
regular contributor to TechRepublic’s TechProGuild. She and Tom have
authored numerous online courses for DigitalThink (www.digitalthink
.com) and have given presentations at technical conferences on Microsoft
certification and Windows NT and 2000 topics. Deb is also the Series
Editor for the Syngress/Osborne McGraw-Hill Windows 20000 MCSE
study guides. She is a member of the Author’s Guild, the IEEE IPv6 Task
Force, and local professional organizations.
132_ISA_FM 4/2/01 4:29 PM Page ix
x
Deb and Tom met online and married in 1994.They opened a net-
working consulting business and developed the curriculum for the MCSE
training program at Eastfield College before becoming full-time tech-
nology writers. Deb is the co-author of Syngress’s Troubleshooting Windows
2000 TCP/IP (ISBN: 1-928994-11-3) and has contributed to Managing
Windows 2000 Network Services (ISBN: 1-928994-06-7) and Configuring
Windows 2000 Server Security (ISBN: 1-928994-02-4). She is the proud
mother of two children. Daughter Kristen is stationed in Sardinia, Italy
with the U.S. Navy and son Kristoffer will enter college this fall on a
chess scholarship.
This book is dedicated to:
Our families, who believed in us and helped us to believe in ourselves: both Moms,
Rich and D, and Kris and Kniki.
The friends and colleagues, many of whom we’ve never “met,” with whom we work
and talk and laugh and cry across the miles through the wonder of technology that
allows us to building a meeting place in cyberspace.
We also dedicate this book to each other. It is a product of the partnership that is our
marriage, our livelihood, and—we hope—our legacy.
DLS & TWS
132_ISA_FM 4/2/01 4:29 PM Page x
xi
Technical Editor
Martin Grasdal (MCSE+I, MCT, CNE, CNI, CTT, A+), Director of
Cramsession Content at Brainbuzz.com, has worked in the computer
industry for over eight years. He has been an MCT since 1995 and an
MCSE since 1996. His training and networking experience covers a
broad range of products, including NetWare, Lotus Notes,Windows NT
and 2000, Exchange Server, IIS, and Proxy Server. Martin also works
actively as a consultant. His recent consulting experience includes contract
work for Microsoft as a Technical Contributor to the MCP Program on
projects related to server technologies. Martin lives in Edmonton,Alberta,
Canada, with his wife Cathy and their two sons.
132_ISA_FM 4/2/01 4:29 PM Page xi
132_ISA_FM 4/2/01 4:29 PM Page xii
Contents
xiii
Introduction
Chapter 1 Introduction to
Microsoft ISA Server 1
What Is ISA Server? 2
Why “Security and Acceleration” Server? 3
Internet Security 3
Internet Acceleration 8
The History of ISA: Microsoft Proxy Server 9
In the Beginning: Proxy Server,
Version 1.0 9
Getting Better All the Time:
Proxy Server,Version 2.0 10
A New Name for New and Improved
Functionality: Proxy Server 3.0
(ISA Server) 11
ISA Server Options 15
ISA Standard Edition 15
ISA Enterprise Edition 16
ISA Server Installation Modes 18
Understand how ISA
Server fits into .NET
Just as Proxy Server was
considered a member of
the Microsoft BackOffice
Family, ISA Server also
belongs to a new
Microsoft "family," the
members of which are
designed to work with
Windows 2000 in an
enterprise environment.
This group of enterprise
servers is now called the
Microsoft.Net family, or
simply ".Net" (pronounced
dot-net) servers.
132_ISA_ToC 4/2/01 5:02 PM Page xiii
Không có nhận xét nào:
Đăng nhận xét