Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Multiple Outside IPs

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Network Infrastructure >> Multiple Outside IPs Page: [1]
Login
Message << Older Topic   Newer Topic >>
Multiple Outside IPs - 19.Jun.2007 5:31:56 PM   
itadmin

 

Posts: 30
Joined: 21.Jul.2006
Status: offline 		Is there a way to specify that you want outbound traffic from certain sources to appear to come from a specific IP on your external interface when you have multiple IPs attached to the external interface?
Post #: 1
RE: Multiple Outside IPs - 19.Jun.2007 5:42:38 PM   
marcus2v

 

Posts: 78
Joined: 28.Oct.2001
From: Reading, UK
Status: offline 		Unfortunately not, ISA will NAT outbound connections using the default IP address on the external interface.

You could use another device in front of the ISA firewall which supports policy based NAT to possible achieve this. Though this is a bit of speculation as I've never tried out policy based NAT before.


(in reply to itadmin)
Post #: 2
RE: Multiple Outside IPs - 19.Jun.2007 6:22:49 PM   
itadmin

 

Posts: 30
Joined: 21.Jul.2006
Status: offline 		That is the quickest and most disappointing answer I could have gotten.  DOCTOR I NEED A SECOND OPINION!!  Anyone have any other ideas that may work?  (Thanks for the quick response though!)

(in reply to marcus2v)
Post #: 3
RE: Multiple Outside IPs - 20.Jun.2007 2:35:16 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi itadmin,

why don't you believe Marcus? He is right!

When you have a NAT relationship between the Internal and the External network, than all outbound traffic will be sourced from the primary IP address assigned to the ISA external interface. Nothing you can do about it, it's by design and holds through for ISA 2000, 2004 and 2006!

HTH,
Stefaan

(in reply to itadmin)
Post #: 4
RE: Multiple Outside IPs - 20.Jun.2007 4:51:17 PM   
marcus2v

 

Posts: 78
Joined: 28.Oct.2001
From: Reading, UK
Status: offline 		Thanks Stefaan

What do you think about the policy based NAT idea? If I had some spare cash (or if someone wants to buy me the appliance!) I'd give it a go as it seems like like quite a popular request to get this set up ... I could even rebrand the device as something like "ISA 1-to-1 Static natifier appliance"


(in reply to spouseele)
Post #: 5
RE: Multiple Outside IPs - 20.Jun.2007 5:06:21 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi Marcus,

NAT enhancements are so high on the ISA wishlist that I wouldn't be surprised that the next version supports a far more flexible NAT configuration.

HTH,
Stefaan

(in reply to marcus2v)
Post #: 6
RE: Multiple Outside IPs - 20.Jun.2007 6:14:37 PM   
itadmin

 

Posts: 30
Joined: 21.Jul.2006
Status: offline 		It's not that I didn't believe him.  I didn't WANT to believe him.  Thanks for the help though.

(in reply to itadmin)
Post #: 7
RE: Multiple Outside IPs - 21.Jun.2007 3:20:30 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi itadmin,



Thanks,
Stefaan

(in reply to itadmin)
Post #: 8
RE: Multiple Outside IPs - 28.Jun.2007 6:40:31 AM   
AJStevens

 

Posts: 2
Joined: 28.Jun.2007
Status: offline 		Rats, well that answers my question too then.

I've got ISA setup as the back-end firewall in a two firewall setup with a Vigor 3300V.

I was hoping to be able to use Address Mapping on the Vigor 3300V and some similiar option in ISA 2006 to specify that traffic from the Email server comes from one IP, and clients another, Terminal Server another, Web Server another etc.

Hmm... I am surprised this functionality didn't make it into 2006, I've used 2004 before and became used to it after 2000 which I had difficulty understanding.
There are options for incoming, which WAN IP it listens on, presumably any traffic that is from external to internal *should* work, it's when the connection is started internally that it'll use the default IP on the WAN interface. *shakes fists* darn it.

Servers/Clients - > ISA 2006 -> Vigor3300V -> Internet

I don't suppose using multiple network cards will help either... "External" is external...

Andrew

(in reply to spouseele)
Post #: 9

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Network Infrastructure >> Multiple Outside IPs Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts