Home Network Setup with Threat Management Gateway (ISA Server)
I have purchased the public routed IP addresses and have some questions about setup and proper utilization of the RG. I would like to keep the default range (192.168.1.x) and DHCP enabled for my TVs and a few PCs, but would like to set up a Microsoft Threat Management Gateway, which would then have my internal domain servers connecting through the TMG.
I have set one of my public routed IPs to be used for the TMG, and it has two NICs, one assigned the public IP and one assigned a private IP from the 10.0.0.x network.
Is it possible to have my internal domain PCs use a 10.0.0.x range, keep the 192.168.1.x range for my standard items, and route all 10.0.0.x traffic through the TMG? If so, what do I set as the gateway on my internal 10.0.0.x network? Do I set my TMG up as an edge device or back firewall?
Re: Home Network Setup with Threat Management Gateway (ISA Server)
I have not used the Microsoft TMG, but I'll assume it works like any other router.
This will work as long as:
1. All PCs behind the TMG must use 10.0.0.x addresses. You can't have any public IPs from your public IP block behind the TMG, because there is no way to route to them (the U-Verse RG does not have a facility for inserting static routes).
2. You will have to separate the 192.168.1.x and 10.0.0.x networks physically. You can't run both logical subnets on the same physical network because there would then be two DHCP servers on the same physical LAN (the RG handing out 192.168.1.x addresses, and your TMG handing out 10.0.0.x addresses). The two networks will have to be separated physically, either using separate switches and wiring, or using VLANs.
3. The outside interface of the TMG will have to initially use DHCP to get an IP address from the U-Verse RG. You can then go into the RG and assign the TMG a static IP from your public range, and the RG will hand it out to the TMG using DHCP. It may not work if you assign the static IP to the TMG's outside interface directly (the TMG may not appear in the RG's device list).
4. In this configuration, your computers directly connected to the RG (192.168.1.x) won't be able to talk to computers behind the TMG (10.0.0.x) since the TMG is designed to be a firewall.
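As an added example that is not part of the original thread, the sketch below checks a host inventory against the conditions in the reply above: hosts behind the TMG stay in 10.0.0.x, none of them carries an address from the public block, and no 10.0.0.x host sits on the RG segment. It assumes /24 masks, a TMG inside interface of 10.0.0.1 used as the default gateway by hosts behind it (as with any router), and a placeholder public block; all host names and addresses are constructed.

```python
import ipaddress

# Constructed values: the thread only gives "192.168.1.x" and "10.0.0.x".
# The /24 masks, the TMG inside address and the public block (an RFC 5737
# documentation range used as a placeholder) are assumptions.
RG_LAN = ipaddress.ip_network("192.168.1.0/24")
TMG_LAN = ipaddress.ip_network("10.0.0.0/24")
PUBLIC_BLOCK = ipaddress.ip_network("203.0.113.0/29")
TMG_INSIDE = ipaddress.ip_address("10.0.0.1")

# Constructed inventory: segment is the physical network or VLAN the host is on.
SAMPLE_HOSTS = [
    {"name": "dc01", "ip": "10.0.0.10", "gateway": "10.0.0.1", "segment": "tmg"},
    {"name": "pc02", "ip": "10.0.0.20", "gateway": "192.168.1.254", "segment": "tmg"},
    {"name": "web01", "ip": "203.0.113.3", "gateway": "10.0.0.1", "segment": "tmg"},
    {"name": "tv01", "ip": "192.168.1.70", "gateway": "192.168.1.254", "segment": "rg"},
    {"name": "pc03", "ip": "10.0.0.30", "gateway": "10.0.0.1", "segment": "rg"},
]

def check_plan(hosts):
    """Return (host name, problem) pairs for hosts that break the plan."""
    if RG_LAN.overlaps(TMG_LAN):
        raise ValueError("RG and TMG subnets overlap; the TMG cannot route between them")
    problems = []
    for h in hosts:
        ip = ipaddress.ip_address(h["ip"])
        gw = ipaddress.ip_address(h["gateway"])
        if h["segment"] == "tmg":
            if ip in PUBLIC_BLOCK:
                # Condition 1: the RG has no static routes, so it cannot reach this host.
                problems.append((h["name"], "public IP behind the TMG is unroutable"))
            elif ip not in TMG_LAN:
                problems.append((h["name"], "address outside 10.0.0.x behind the TMG"))
            elif gw != TMG_INSIDE:
                # Traffic would not pass through the firewall at all.
                problems.append((h["name"], "gateway is not the TMG inside interface"))
        elif ip in TMG_LAN:
            # Condition 2: the two subnets must not share a physical LAN.
            problems.append((h["name"], "10.0.0.x host on the RG segment"))
    return problems

if __name__ == "__main__":
    for name, problem in check_plan(SAMPLE_HOSTS):
        print(f"{name}: {problem}")
```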