Carbonwind.net
Forefront TMG
ISA Server
Vyatta OFR
VPN
Virtualization
Firewalls
Cisco
Miscellaneous
Wireless

 04.06.2008
I've Just Installed ISA 2006 Firewall in Hyper-V RC1


After installing TMG Beta 1 in Hyper-V RC1, I've decided to try a simple ISA 2006 Firewall lab in Hyper-V RC1.
I  must say that Hyper-V seems pretty damn fast and my simple ISA lab did not encounter any major issues.
I've been using for a long time VMware products, but I'm starting to be convinced/seduced by the new Hyper-V.
Having an ISA lab on my laptop is quite important, because I can test various settings, topologies and I can prepare a configuration file for a production environment.

With Jim Harrison's post on my mind I've proceeded:
http://www.freelists.org/archives/isapros/05-2008/msg00059.html

Simple lab, two VMs:
- a VM on which to install Windows Server 2003 R2 SP2 x32 Enterprise Edition for the DC of this lab.
- a VM on which to install Windows Server 2003 R2 SP2 x32 Standard Edition for the ISA 2006 Firewall.

So I have the following Virtual Networks in Hyper-V, see Figure1.


Figure1: Hyper-V: Virtual Networks

The NICs on the host machine look like in Figure2 (I'm using my wireless adapter on my laptop, if you want more details see my TMG lab).


Figure2: Network Adapters on the Host

I've created a VM on which to install Windows Server 2003 R2 SP2 x32  Enterprise Edition for the DC of this lab.
I've used a Network Adapter for it and the "VN1" virtual network, see Figure4.


Figure4: Hyper-V: DC VM Settings

And installed Windows Server 2003 R2 SP2 x32 Enterprise Edition on it and configured it as a DC. No major problems here, see Figure5.


Figure5: Hyper-V: My DC VM up and running

Then I've created a VM on which to install Windows Server 2003 R2 SP2 x32 Standard Edition for the ISA 2006 Firewall.
I've used two Network Adapters for it: "BridgeVN" and "VN1" virtual networks. Syntethic NICs, see Figure6.


Figure6:  Hyper-V: ISA 2006 VM Settings

The installation of Windows Server 2002 R2 SP2 x32 Standard Edition completed without problems.

And so did the installation of ISA 2006 Firewall (domain member). I did not touch the registry on the ISA VM, see Figure7.


Figure7: Hyper-V: ISA 2006 VM up and running

Internet connectivity for VMs behind ISA is fine, see Figure8.


Figure8:  Hyper-V: ISA 2006 Log Web Access Internal Client

I did a quick test for inbound access from the Windows XP SP3 VM created for the TMG lab (I've published an IIS 6 web server), test which was successful, see Figure9 and Figure10.


Figure9:  Hyper-V: XP VM - Access the Web Server Published through ISA


Figure10:  Hyper-V: ISA 2006 Log Web Server Published through ISA

VPN Remote Access works without major problems too, see Figure11 and Figure12.


Figure11:  Hyper-V: XP VM - PPTP VPN Connection


Figure12:  Hyper-V: ISA 2006 Log PPTP VPN Connection