This step-by-step instruction guide describes how to provide Internet access through a firewall by using Internet Security and Acceleration (ISA) Server. This procedure provides internal clients unrestricted outbound access to the Internet.
For best results, verify that the computer that is running ISA Server has two network interfaces installed: one with a direct connection to the Internet and another that is connected to the internal network. Make sure that the IP address of the external interface is publicly accessible, and make sure that the internal adapter has a private IP address. This article assumes that the external adapter has full and direct access to the Internet without having to route requests to an upstream server. ISA Server requires Microsoft Windows 2000 Server Service Pack 1 (SP1) or later.
To enable IP routing for SNAT (Secure Network Address Translation) clients:
In the Access Policy subtree, click IP Packet Filters.
Right-click IP Packet Filters, and then click Properties.
Click to select the Enable IP Routing check box.
On the client computers, under TCP/IP Properties, set the client computer's default gateway to be the internal adapter of the computer that is running ISA Server.
NOTE: After you complete these steps, only internal clients have Internet access. Not even the ISA Server itself has Internet access. This is by design, for security reasons. Granting Internet access to the ISA Server console would require the creation of packet filters that allow this access, which might reduce the level of security that ISA Server provides.