Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
2nd private network
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
2nd private network - 4.Jan.2006 3:19:47 PM
|
|
|
dmuscat
Posts: 15
Joined: 23.Jul.2004
From: Detroit Mi.
Status: offline
|
I am an admin a school and I have the following working configuration:
I am currently running ISA 2004 on W2K3 in a tri-homed configuration.
Currently I have NIC 1 pointing to the internet router.
I have NIC 2 pointing to my private network.
I have NIC 3 pointing to my DMZ.
We have a second building of the school located a distance away. Our ISP has routed there T-1 private network to the primary buildings router. they wish us to access the T-1 that the primary building is using. They indicated that I may need to add a 4th nic to create a second private network. I would then need to have these networks talk and trust each other.
Can I add a 4th interface and will I need to be bulking up memory or anything on the physical server?
Dave M.
|
|
|
|
|
RE: 2nd private network - 4.Jan.2006 4:29:18 PM
|
|
|
dmuscat
Posts: 15
Joined: 23.Jul.2004
From: Detroit Mi.
Status: offline
|
Another question, is adding a 4th nic the right thing to do?
If not how would I bring in that other connection to the ISA server?
Dave M.
|
|
|
|
|
RE: 2nd private network - 10.Jan.2006 5:26:26 AM
|
|
|
carorieta
Posts: 102
Joined: 15.Dec.2005
Status: offline
|
Hi Dave,
Well, I have seen people who set up 4 and 5 NICs.
For example, a hotel with wireless connectivity for their customer, Located the wireless LAN on a fourth NIC, this approach completely separated their LOCAL LAN and the Wireless LAN for security purposes. The customer had access to the Internet ONLY.
I have seen (here in the forums) people joining two or three subnets by using ISA 2004 with multiple NICs (ISA working as a router) and taking aventage of the application\inspection filtering, etc of ISA 2004 between the 2 networks.
With this approach you have to do some configuration on the Firewall to allow comunication between the two "Internal networks"
The second approach is the network behind a network scenario, where both building connect through the router. Traffic between buildings is not ispected by your firewall. All you have to do is some configuration on the router to point to the ISA 2004 internal machine as the network of last resource (of course you need your router entries between the two subnets)
The configration will look like this:
INTERNET- -ISA- -BUILDINGONE- -ROUTER- -BUILDINGTWO
Given that ISA on the internal does not have a DG, you need to modify the routing table on the ISA machine
Minimum ISA configuration changes are done with this approach.
Mr. Shinder has an excelent scenario about Setting UP a network behind a network, here is the link:
http://www.isaserver.org/articles/2004netinnet.html
About the server resources, monitor your Server resources.
Just remember, a memory upgrade don't break the bank anymore, I always prefer to have more than what I need.
Good luck
Cesar
_____________________________
carorieta
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
