• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

PAT

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> PAT Page: [1]
Login
Message << Older Topic   Newer Topic >>
PAT - 26.Mar.2009 8:08:46 AM   
ldoodle

 

Posts: 158
Joined: 21.Mar.2005
From: England
Status: offline
Hiya,

How useabe is PAT in ISA 2006?

Basically, I have 6 services which need to be published, as well as 2 physical addresses for array members.

1.1.1.1 = FW1
1.1.1.2 = FW2
1.1.1.3 = VPN
1.1.1.4 = SMTP
1.1.1.5 = OWA
1.1.1.6 = Intranet
1.1.1.7 = RDP
1.1.1.8 = BES Server

We are changing ISP who have given us a /29 mask, but they require 3 addresses for their equipment. This leaves us only with 5 usable.

Is it possible to merge the above protocols and use PAT.

Basically, the question i'm asking is, is there a limitation as to what protocols can share the same external address and be directed to different physical servers.

I know you have use host headers for web publishing rules, but what about server publishing rules?

Thanks

< Message edited by ldoodle -- 26.Mar.2009 8:13:17 AM >
Post #: 1
RE: PAT - 26.Mar.2009 9:06:39 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Hi ldoodle,

Different services can exist on the same IP address as long as their port requirements are different.

As you say, with HTTP you can share a single IP address and then use host headers to determine which publishing to send the request to.

If you are using HTTPS publishing, this will normally require a dedictaed IP address per FQDN to match the certificate common name correctly; however, if you have a wildcard certificate you can then rely on host headers again (as above).

Server publishing rules are defined per protocol; hence you can have SMTP publishing and DNS publishing on the same IP address, but publishing to different published servers.

VPN is an interesting one, as I don't think you can reconfigure it to listen on specific address, all addresses are included by defatult I think...I tend to use the default external IP for VPN and routing; I then use other addesses for published services (that assumes I have enough addresses for elegance ).

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to ldoodle)
Post #: 2
RE: PAT - 30.Mar.2009 9:12:40 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

agreed with Jason.
quote:

VPN is an interesting one, as I don't think you can reconfigure it to listen on specific address, all addresses are included by defatult I think...I tend to use the default external IP for VPN and routing; I then use other addesses for published services (that assumes I have enough addresses for elegance ).

And If I not mistaken, use secondary IPs for vpn connections can cause you some connection troubles.

Regards,
Paulo Oliveira.

(in reply to Jason Jones)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> PAT Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts