1.) Does ISA Server 2006 Standard Edition support multiple VLANs?
2.) If yes, how do I configure it?
3.) I have multiple VLANs in my network:
10.10.10.x
10.10.20.x
10.10.30.x
ISA Server 2006 comes under the 10.10.x.x VLAN. Clients under this VLAN can access the ISA Server to browse the web. Clients on 10.20.x.x and 10.40.x.x cannot access the ISA Server. I cannot ping the ISA Server from these two VLANs. How can I configure VLAN access on the ISA Server? I urgently need to solve this issue. Please advise.
** I have already added all the subnets in the Internal Network.
** I would be glad to provide more info to solve the issue.
** Thank you
Make sure you have added static routes to those subnets.
_____________________________
Marcel Netherlands
MCTS, MCITP (SA,EA) MCP, MCSA:Security, MCSE:Security, CCNA, CCSA, CCSE, CCSE+ No matter how secure, there is always the human factor. http://www.phetios.com/
1.) I should be adding the static route from the ISA Server machine, right?
2.) Earlier I did add a static route, but I think I could be wrong. So could you show me how to add a static route for a given subnet in my case?
The ISA server should know how to find the way to the clients. To make it simple: if you have set a default gateway, then all traffic which ISA doesn't know in its routing table will be forwarded to its gateway. In routing terms you have something like:
0.0.0.0 mask 0.0.0.0 <address default gateway>
So because ISA doesn't belong to the 10.20.x.x subnet (for example) and it doesn't know how to get there, the traffic will be forwarded to the default gateway.
So to make sure that ISA knows the route to the 10.20.x.x subnet you need to add static routes, something like:
Route add -p 10.20.x.x mask 255.255.0.0 <ip address internal layer 3 device>
The internal layer 3 device would re-route the traffic to the correct segment.
Actually this isn't an ISA issue but a misconfiguration in the networking part.
In more understandable words (sorry, English is not my native language, so sorry if I make it more confusing): see the postal office in this example as the ISA server.
If you need to send out a letter, you usually bring it to the postal office for anything which you don't really know or don't want to drive to yourself.
However, why would you bring it to your postal office if your letter has to go to your top floor?
Well, your top floor isn't addressed by your postal office, so the postal office would use its default route, maybe to the other end of the world (ok, it becomes a bit fictive).
However, if you tell the postal office where it can find the top floor, then it wouldn't send it out to the other end of the world....
Although it maybe sounds a bit confusing, I hope you understand what I mean. Otherwise I can really recommend you watch the pretty old (but still usable) video from Warriors of the Net. http://www.warriorsofthe.net/
< Message edited by Dumber -- 10.Mar.2009 9:00:26 AM >
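Added example, not part of the original posts: a small simulation of the longest-prefix route lookup described above, showing where replies to 10.20.x.x and 10.40.x.x clients go before and after the static routes are added. The gateway addresses (192.0.2.1, 10.10.0.1) and client addresses are constructed for illustration; the thread does not give them.

```python
import ipaddress

# Constructed addresses for illustration; none of them come from the thread.
DEFAULT_GW = "192.0.2.1"    # hypothetical default gateway on the external side
INTERNAL_L3 = "10.10.0.1"   # hypothetical internal layer 3 device
ON_LINK = "on-link"         # destination is on a directly connected subnet
CONNECTED = [ipaddress.ip_network("10.10.0.0/16"),   # internal NIC
             ipaddress.ip_network("192.0.2.0/24")]   # external NIC

def build_table(static_routes=()):
    """Return (network, next_hop) pairs: connected, default, then static routes."""
    table = [(net, ON_LINK) for net in CONNECTED]
    table.append((ipaddress.ip_network("0.0.0.0/0"), DEFAULT_GW))
    for dest, mask, gateway in static_routes:
        # A next hop must itself sit on a directly connected subnet,
        # otherwise the host has no way to hand the packet to it.
        if not any(ipaddress.ip_address(gateway) in net for net in CONNECTED):
            raise ValueError(f"gateway {gateway} is not on a connected subnet")
        table.append((ipaddress.ip_network(f"{dest}/{mask}"), gateway))
    return table

def next_hop(table, destination):
    """Choose the most specific (longest-prefix) route containing the address."""
    addr = ipaddress.ip_address(destination)
    matches = [(net, hop) for net, hop in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def report(table, clients):
    """Map each client address to the next hop used for replies to it."""
    return {client: next_hop(table, client) for client in clients}

CLIENTS = ["10.10.5.20", "10.20.5.20", "10.40.5.20"]  # constructed samples

# Without static routes only 0.0.0.0/0 matches the remote subnets.
before = report(build_table(), CLIENTS)
# With them, the /16 routes win over the default route.
after = report(build_table([
    ("10.20.0.0", "255.255.0.0", INTERNAL_L3),
    ("10.40.0.0", "255.255.0.0", INTERNAL_L3),
]), CLIENTS)

if __name__ == "__main__":
    for client in CLIENTS:
        print(f"{client}: before={before[client]}  after={after[client]}")
```

On the ISA machine itself, `route print` shows the real table to compare against.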
Oh, I wasn't aware of that article, but it probably explains it better than what I did...
1.) Does ISA Server 2006 Standard Edition support multiple VLANs?
Yes, it does.
2.) If yes, how to configure?
- Add a static route on the machine on which ISA Server is installed.
- Configure the Internal and External networks correctly.
Then you are ready to go.
Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Well I'm going to be a stick in the mud here and say that I don't think this was approached correctly.
If ISA is "dealing with VLANs" then the VLANs have to have a Virtual Nic (to go with the Virtual LAN). Then each Virtual Nic would be treated as a separate Nic on the ISA. This means that:
1. there are No Static Routes
2. a separate Network Definition has to be created on the ISA to associate with each Virtual Nic.
3. Access Rules need to be created to allow traffic between the different Network Definitions.
If this is a Network Behind a Network design then the ISA is Not dealing with VLANs here because the VLANs never "touch" the ISA and therefore the VLANs are treated as regular subnets with a LAN router handling them "apart" from the ISA.
Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
quote:
ORIGINAL: pwindell
Well I'm going to be a stick in the mud here and say that I don't think this was approached correctly.
If ISA is "dealing with VLANs" then the VLANs have to have a Virtual Nic (to go with the Virtual LAN). Then each Virtual Nic would be treated as a separate Nic on the ISA. This means that:
1. there are No Static Routes
2. a separate Network Definition has to be created on the ISA to associate with each Virtual Nic.
3. Access Rules need to be created to allow traffic between the different Network Definitions.
If this is a Network Behind a Network design then the ISA is Not dealing with VLANs here because the VLANs never "touch" the ISA and therefore the VLANs are treated as regular subnets with a LAN router handling them "apart" from the ISA.
Hi, let me tell you what happened with me. I have 18 VLANs and I want them to access the internet, where I have 1 NIC, and when I tried to add them, the ISA gave me an error that it doesn't support that number of VLANs. Thank you.