Case Study - Windows 2000 ISA Proxy Server Authentication Inside a DMZ

PDF, 2.12MB
Published: 23 Dec, 2002
Created by: Michael Kerr

This paper describes the investigation process and implementation of IPSec policies to manage a wide range of communication traffic between two Windows 2000 servers. The use of IPSec allowed us to configure an ISA Proxy server to authenticate user login information back to an internal DC through a high-security firewall. Extra configuration involving name resolution and security lockdowns completed our solution for a secure and functional proxy implementation.

One of the most difficult aspects of firewall design is balancing security with functionality. In the absence of business requirements it is a straightforward task to design a highly secure firewall and DMZ environment; however, providing functionality to the organisation being protected by the perimeter network is every bit as important as providing high security. This case study is not going to discuss the broader concepts of DMZ design. Instead, I want to focus on a particular business requirement of a newly implemented perimeter network, how we studied the problem, and the actions we took to provide the desired functionality. The topic I've chosen is interesting and hopefully will be valuable to others who would like to get extra value from their internal Active Directory service.