Welcome to ISAserver.org

NLB Question - Is this possible?

NLB Question - Is this possible? - 15.Jan.2008 2:46:28 PM   
marcus0051

 

Posts: 5
Joined: 15.Jan.2008
Status: offline
I have 2 ISA (std) servers now, each with a different ISP.  My boss now wants to make those redundant, i.e., if ATT goes down (connected to ISA01), it uses the ISP connected with ISA02.   I have tried setting the services to fail if a connectivity verifier detects a down, and to point the firewall clients to ISA02, and this works, but when I set ISA02 for the same (pointing to ISA01) neither will work... (detecting a loop in the auto config??)

If I go to 2006EE, can they be set up for NLB but each ISA server's WAN is on a different subnet?

I am only interested in HTTP outbound.  We use a web-based app housed online and do not care about inbound access, or anything other than HTTP.
Post #: 1
RE: NLB Question - Is this possible? - 15.Jan.2008 3:26:03 PM   
abqtech

 

Posts: 216
Joined: 9.Mar.2004
Status: offline
All NLB members must be on the same layer 3 subnet.
http://technet2.microsoft.com/windowsserver/en/library/1611cae3-5865-4897-a186-7e6ebd8855cb1033.mspx?mfr=true

But since you are only interested in HTTP outbound (web proxy traffic), you may be able to implement ISA 2006 EE without NLB configured on the External network (although you'll need to ensure that the internal network interfaces are on the same layer 3 subnet, in order to configure NLB for the web proxy traffic destined to your ISA array).  Depending on how your NAT'ing (and ISP failover) is configured, you may run into issues with certain external websites, which require the source IP address to remain for the duration of the session to their website.

(in reply to marcus0051)
Post #: 2
RE: NLB Question - Is this possible? - 15.Jan.2008 3:31:31 PM   
marcus0051

 

Posts: 5
Joined: 15.Jan.2008
Status: offline
The internal NICs are on the same subnet.  Would the ISA servers require 3 NICs then?  INTERNAL, EXTERNAL, and one for Inter array communication?

(in reply to abqtech)
Post #: 3
RE: NLB Question - Is this possible? - 15.Jan.2008 3:40:53 PM   
abqtech

 

Posts: 216
Joined: 9.Mar.2004
Status: offline
Yes, that's what I recommend.

(in reply to marcus0051)
Post #: 4
RE: NLB Question - Is this possible? - 15.Jan.2008 3:41:58 PM   
marcus0051

 

Posts: 5
Joined: 15.Jan.2008
Status: offline
Last question....  If my configuration was housed on another computer, and both ISAs pointed to it, would that PC require a NIC on the inter-array communications network?

(in reply to abqtech)
Post #: 5
RE: NLB Question - Is this possible? - 15.Jan.2008 3:46:04 PM   
abqtech

 

Posts: 216
Joined: 9.Mar.2004
Status: offline
Please let me know if I understand correctly.  If your ISA CSS (configuration storage server) is located on a separate host, does that host need to be connected to the intra-array network?  If so, the answer is no.

(in reply to marcus0051)
Post #: 6
RE: NLB Question - Is this possible? - 15.Jan.2008 3:47:42 PM   
marcus0051

 

Posts: 5
Joined: 15.Jan.2008
Status: offline
You are correct... I was just wondering..  I'm testing the setup in VM, and my CSS server can no longer access the 2 ISA servers.... Thanks for the quick responses.  I will keep working on this problem to test if NLB will work for internal only.

(in reply to abqtech)
Post #: 7
RE: NLB Question - Is this possible? - 15.Jan.2008 3:51:08 PM   
abqtech

 

Posts: 216
Joined: 9.Mar.2004
Status: offline
Please be advised (in case you don't already know) that you can only have one gateway assigned to your ISA Server (which should be on the External NIC) and you'll have to add any relevant routes as persistent routes to your server's routing table.

(in reply to marcus0051)
Post #: 8
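
The two constraints given in the replies above (NLB members on the same layer 3 subnet, and a single default gateway on the External NIC with persistent routes for everything else) can be checked against an addressing plan before building the array. This is an added example, not part of any post in the thread; the node names, NIC labels, addresses and the remote internal subnet are all constructed assumptions.

```python
import ipaddress

# Constructed sample plan for a two-node array; all addresses are hypothetical.
PLAN = {
    "ISA01": {
        "internal": {"ip": "192.168.10.11/24", "gateway": None},
        "external": {"ip": "203.0.113.10/29", "gateway": "203.0.113.9"},
        "intra_array": {"ip": "10.255.0.1/24", "gateway": None},
    },
    "ISA02": {
        "internal": {"ip": "192.168.10.12/24", "gateway": None},
        "external": {"ip": "198.51.100.10/29", "gateway": "198.51.100.9"},
        "intra_array": {"ip": "10.255.0.2/24", "gateway": None},
    },
}
# Internal subnets reached through a LAN router rather than directly (hypothetical).
REMOTE_INTERNAL = {"192.168.20.0/24": "192.168.10.1"}


def check_plan(plan, nlb_network="internal"):
    """Return a list of problems found in the addressing plan."""
    problems = []
    # NLB requirement: every member's NIC on the balanced network shares one subnet.
    subnets = {ipaddress.ip_interface(n[nlb_network]["ip"]).network for n in plan.values()}
    if len(subnets) != 1:
        problems.append(f"NLB on '{nlb_network}': members span {len(subnets)} subnets")
    # Single default gateway per server, and it belongs on the External NIC.
    for name, nics in plan.items():
        gateways = [nic for nic, cfg in nics.items() if cfg["gateway"]]
        if gateways != ["external"]:
            problems.append(f"{name}: default gateway must be on external NIC only, found {gateways}")
    return problems


def persistent_routes(remote):
    """Build Windows 'route -p add' commands for internal subnets behind a LAN router."""
    cmds = []
    for cidr, next_hop in sorted(remote.items()):
        net = ipaddress.ip_network(cidr)
        cmds.append(f"route -p add {net.network_address} mask {net.netmask} {next_hop}")
    return cmds


if __name__ == "__main__":
    for label in ("internal", "external"):
        print(label, check_plan(PLAN, label) or "OK")
    print("\n".join(persistent_routes(REMOTE_INTERNAL)))
```

With the sample plan, NLB on the internal network passes while NLB on the external network is flagged, because the two External NICs sit on different ISP subnets.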
RE: NLB Question - Is this possible? - 25.Jan.2008 6:53:45 AM   
clivec@cmc.uk.com

 

Posts: 1
Joined: 25.Jan.2008
Status: offline
Hi
I am facing the same challenge; using 2 x ISA 2006 EE and NLB on the LAN. I have a primary WAN link (leased line/integrated fallback ADSL). That should be the main connectivity using ISA-A.

There is a second ADSL, as a fallback (if the Router or Leased Line & ADSL fail), connected to ISA-B.

I would like ISA-A to provide outbound (web) access usually, but if ISA-A detects (connectivity verifier) no response, ISA-A should go out of service so that ISA-B provides connection.

Is this possible? It is really only outbound web & DNS access which is required... If so:
1. How do I get the connectivity verifier (on ISA-A) to turn on/off the ISA-A server on the NLB
2. How do I ensure ISA-A is the priority? Is that just down to the NLB parameters?

Thanks,




_____________________________

Clive Crocker

(in reply to abqtech)
Post #: 9
RE: NLB Question - Is this possible? - 5.Nov.2008 5:12:49 PM   
aungar

 

Posts: 12
Joined: 22.Aug.2008
Status: offline
How do you get the connectivity verifier to shut a service?

(in reply to marcus0051)
Post #: 10