Welcome to ISAserver.org


Plan an ideal ISA2006 infrastructure?

Plan an ideal ISA2006 infrastructure? - 2.Jan.2008 12:47:09 AM   
stu1st

 

Hi everyone, I have a single network (domain), segmented into 2 VLANs: the first VLAN is for servers (where my 3 ISA2006 servers lie), the 2nd VLAN is for users.
I have 3 ISA2006 servers: 2 configured as members of the same array, and the 3rd ISA server is the CSS server. The single network adapter template is used.
I am facing a lot of problems with connecting to the ISA servers, and I've read that the intra-array communication should be over dedicated network cards. How can I have a better ISA2006 server infrastructure? I don't mind having the CSS on both servers instead of having a third one for that. How can I configure the intra-array communication using a dedicated network card (IP addressing and so on) with NLB functioning properly?

Any help is appreciated.....Thanks.
Post #: 1
RE: Plan an ideal ISA2006 infrastructure? - 15.Jan.2008 3:38:44 PM   
abqtech

 

I'd suggest deploying 3 NICs on each ISA Server:
1. for the Internal Network (with NLB)
2. for Intra Array communication (set up on a dedicated hub, or a switch, on an IP address that's not routable on your network, and ensure that each ISA Server intra array address is on the same subnet; you'll want to keep the intra array network private)
3. for connecting ISA to the External (Internet) network

Set up Intra array communication by:
Open your ISA MMC and browse to your Array,
click Configuration -> Server,
double click on each array member and click on the Communication tab, and reference the Intra array address for that ISA Server.

(in reply to stu1st)
Post #: 2
RE: Plan an ideal ISA2006 infrastructure? - 15.Jan.2008 3:53:11 PM   
abqtech

 

Also, please be advised (in case you don't already know) that you can only have one gateway assigned to your ISA Server (which should be on the External NIC), and you'll have to add any relevant routes as persistent routes to your server's routing table. By migrating from a single NIC ISA Server infrastructure to a multi-homed ISA Server infrastructure, you'll have to account for such.

(in reply to abqtech)
Post #: 3
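As an added example (not part of the thread and not from either poster), this Python check validates a planned three-NIC array layout against the constraints given in posts #2 and #3: a single default gateway on the External NIC, intra-array addresses on one shared private subnet kept apart from the internal ranges, and persistent routes for internal ranges the Internal NIC cannot reach directly. All server names, addresses and the plan structure are constructed for illustration; reading "private" as what Python's `ipaddress` module reports, and requiring a route for every internal range outside the Internal NIC's own subnet, are assumptions.

```python
import ipaddress

def check_array_plan(members, internal_ranges):
    """Return findings for a planned 3-NIC ISA array layout (empty list = OK)."""
    findings = []
    internal = [ipaddress.ip_network(r) for r in internal_ranges]
    intra_nets = set()
    for name, nics in members.items():
        # One default gateway per server, and it belongs on the External NIC.
        gateways = sorted(role for role, nic in nics.items() if nic.get("gateway"))
        if gateways != ["external"]:
            findings.append(f"{name}: gateway set on {gateways}, expected external only")
        # Intra-array segment: private and kept apart from the routed internal ranges.
        intra = ipaddress.ip_interface(nics["intra_array"]["address"])
        intra_nets.add(intra.network)
        if not intra.ip.is_private:
            findings.append(f"{name}: intra-array address {intra.ip} is not private")
        if any(intra.network.overlaps(net) for net in internal):
            findings.append(f"{name}: intra-array subnet overlaps an internal range")
        # With no gateway on the Internal NIC, remote internal ranges need persistent routes.
        local = ipaddress.ip_interface(nics["internal"]["address"]).network
        routes = [ipaddress.ip_network(r) for r in nics["internal"].get("routes", [])]
        for net in internal:
            if not net.subnet_of(local) and not any(net.subnet_of(r) for r in routes):
                findings.append(f"{name}: no persistent route for {net}")
    if len(intra_nets) > 1:
        findings.append("intra-array addresses are not all on the same subnet")
    return findings

# Constructed sample plan: all names and addresses below are made up for illustration.
INTERNAL_RANGES = ["10.0.1.0/24", "10.0.2.0/24"]  # servers VLAN, users VLAN

def member(host, internal_gw, intra_prefix, routes):
    return {
        "internal": {"address": f"10.0.1.{host}/24", "gateway": internal_gw, "routes": routes},
        "intra_array": {"address": f"{intra_prefix}.{host}/24"},
        "external": {"address": f"203.0.113.{host}/24", "gateway": "203.0.113.1"},
    }

GOOD = {"ISA1": member(11, None, "192.168.250", ["10.0.2.0/24"]),
        "ISA2": member(12, None, "192.168.250", ["10.0.2.0/24"])}
BAD = {"ISA1": member(11, None, "192.168.250", ["10.0.2.0/24"]),
       "ISA2": member(12, "10.0.1.1", "192.168.251", [])}

if __name__ == "__main__":
    for finding in check_array_plan(BAD, INTERNAL_RANGES):
        print(finding)
```
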
RE: Plan an ideal ISA2006 infrastructure? - 15.Jan.2008 11:43:30 PM   
stu1st

 

First of all, thanks for your time and response. Secondly, I followed the steps you mentioned but I have some questions:
1) Do I have to change the network template (I have a single network adapter template)?
2) Do I have to create a new network for the intra array? And if yes, what exactly should be done?

I am asking those questions because I faced a problem after dedicating a NIC for intra array communication: all authenticated users were asked to enter their user names and passwords after that change! What should be done?

(in reply to abqtech)
Post #: 4
RE: Plan an ideal ISA2006 infrastructure? - 16.Jan.2008 9:15:51 AM   
abqtech

 

quote:

ORIGINAL: stu1st

First of all, thanks for your time and response. Secondly, I followed the steps you mentioned but I have some questions:
1) Do I have to change the network template (I have a single network adapter template)?

I'd change the network template to match where ISA sits in your network.

quote:

ORIGINAL: stu1st
2) Do I have to create a new network for the intra array? And if yes, what exactly should be done?

Yes, create an internal network with an address range that includes your intra-array subnet. Enable the web proxy for the intra array network, and disable the firewall client and CARP for your intra array network. Also do not configure NLB for your intra array network.

(in reply to stu1st)
Post #: 5
RE: Plan an ideal ISA2006 infrastructure? - 16.Jan.2008 9:20:30 AM   
abqtech

 

quote:

ORIGINAL: stu1st
I am asking those questions because I faced a problem after dedicating a NIC for intra array communication: all authenticated users were asked to enter their user names and passwords after that change! What should be done?

On your Internal Network Web Proxy, what authentication methods are enabled?  Are you requiring all users to authenticate?

The access rule you're using for web proxy access to the internet, what users are configured in that rule?

(in reply to stu1st)
Post #: 6
RE: Plan an ideal ISA2006 infrastructure? - 1.Feb.2008 4:04:43 PM   
stu1st

 

quote:

ORIGINAL: abqtech
On your Internal Network Web Proxy, what authentication methods are enabled?  Are you requiring all users to authenticate?

Active Directory authentication, requiring web users group only.

quote:

ORIGINAL: abqtech
The access rule you're using for web proxy access to the internet, what users are configured in that rule?

Web users group.

(in reply to abqtech)
Post #: 7
