Publishing ports on ISA server when single-NIC template is used
It is a well-known fact that ISA Server does web publishing well but is not very good with other applications. Today I was given the task of publishing an arbitrary port on an existing ISA server used only for web publishing.
The ISA server was originally configured with the single-NIC template. To do port forwarding you need at least two NICs, whatever your network looks like.
In my scenario I have one edge firewall (not ISA) handling all firewall stuff and I only want minimal impact on the existing network. The existing ISA server is configured with a single NIC.

To handle non-web publishing you will need to add a second NIC to the ISA server and in some way have the ISA server contact the participating server using the second NIC. The servers do not need to be directly connected, but the route between the servers cannot go through the public interface on the ISA server. (For simplicity, keep the ISA server and the backend server on the same LAN.)
When this is done you will need to do some things before you create a new publishing rule:
- Change the definition of the Internal network to only reflect the IP addresses on the inside LAN of the ISA server (and the backend server). Apply your changes.
- Change the network settings on all your existing web listeners. Until now, with the single-NIC template, you only had to use the Internal network as the listening network. You now have to change all listeners to listen on the External network instead of the Internal network. If you have bound a listener to a specific IP address you will have to configure these addresses in addition to changing the network.
When this is done you can create the publishing rules you need.
Labels: ISA

