The North and South Nic Card Approach
The North and South Nic Card Approach - 4.Feb.2003 2:35:00 AM
pbanks
Posts: 9
Joined: 2.Feb.2003
Status: offline
Hi,
I read on the site about relating the external network as North and the internal network as South. I dug that approach. Now for my question using that analogy. I know the South network card has to have the internal IP scheme of non-routable addresses (LAT). When I configure the North card which is the external card, what IP exactly do I get from my ISP? Is it the one on the router itself (216.237.x.x)? That is my Cisco router's address. I'm not sure what the Subnet is.
Or should the ISA server have a mapped IP address in the router, kind of like my web servers and Exchange Server with an Internet external address and a non-routable internal address, but it's mapped? Does that make sense? I can clarify if needed. Thanks.
Paul
RE: The North and South Nic Card Approach - 4.Feb.2003 3:20:00 AM
pbanks
Posts: 9
Joined: 2.Feb.2003
Status: offline
Thanks Tolk,
What I mean by "mapped in the router" is: when running a web server, your ISP gives you let's say 8 static IP (Internet) addresses. That address is mapped to an Internal address inside (say a 192.x.x.x). That way when someone goes to www.blah.com, they hit the 216.x.x.x IP and it is mapped to an internal address, 192.x.x.x. It's sort of like a rule that's in a PGP e-ppliance firewall or like Publishing rules in ISA.
So say my router is 216.237.x.x from the Internet. Is that the IP that I give the external card on the ISA Server? Again, this is the setup.
The Internet is a T1 box. Then a RJ 45 goes out into a 2514 Cisco Router. Then from the router (NAT) to the switch where everyone can see the connection. I think the only place the ISA server can go is after the router and before the switch.
Does this make sense and do I give the ISA server external card the address at the router, the subnet of that address, and preferred DNS like where my sites are hosted on the ISP's server? WHEW!
RE: The North and South Nic Card Approach - 4.Feb.2003 8:48:00 PM
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Paul,
A very good article on how to set the ISA interfaces correctly is http://www.isaserver.org/tutorials/Configuring_ISA_Server_Interface_Settings.html .
In your case the design should look like:
PCs/SERVERS --- [Switch] --- [ISA] --- [Router] --- Internet
The external interface should be on the same networkID (subnet) as the Cisco LAN interface. In any case, don't apply NAT in the Cisco router. ISA server will take care of that.
HTH, Stefaan
RE: The North and South Nic Card Approach - 5.Feb.2003 12:28:00 AM
pbanks
Posts: 9
Joined: 2.Feb.2003
Status: offline
Thanks. I guess I'm a little confused because when I had a PGP e-ppliance firewall, it had an IP address of the internal network behind the router. See, I'm not sure if I use an Internet address or an internal address for the External card. It's kind of confusing. Could we do some offline chatting? Thanks.
Paul
RE: The North and South Nic Card Approach - 7.Feb.2003 8:15:00 PM
paulk
Posts: 22
Joined: 23.Jul.2001
From: Montreal, QC Canada
Status: offline
I think you are just confusing yourself with a lot of stuff you don't need.
I think what ppl are trying to get at is:
Assume your router's address is 216.237.220.194 and you have 8 ip addrs, then
North or external card:
IP address: 216.237.220.195
Subnet: 255.255.255.248 (i.e. your router's subnet)
Default Gateway: 216.237.220.194 (Your router)
Effectively you turn off any routing and NAT functionality in your router.
Put another way, the only private ip addresses you use are south of your ISA box.
All your web, email, etc servers are also south of your ISA box but look to the outside world like they are at 216.237.220.195, so yes, your external DNS should show your www, MX etc as being at 216.237.220.195. You tell ISA how to route incoming requests to them using the "Publishing" section in ISA.
Of course, this is the very simplest configuration - a better one would include the servers in a DMZ.
[ February 07, 2003, 08:20 PM: Message edited by: paulk ]
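The address plan from the post above, checked in code. This is an added example, not part of any post in the thread; the function names and the internal address 192.168.1.1 are assumptions made for the illustration.

```python
import ipaddress


def check_isa_plan(external_ip, external_mask, gateway, internal_ip):
    """Return a list of problems with a dual-homed firewall address plan."""
    problems = []
    ext = ipaddress.ip_interface(f"{external_ip}/{external_mask}")
    gw = ipaddress.ip_address(gateway)
    inside = ipaddress.ip_address(internal_ip)
    net = ext.network

    # North card and the router's LAN interface must share one network ID.
    if gw not in net:
        problems.append(f"gateway {gw} is outside external subnet {net}")
    if ext.ip == gw:
        problems.append("external card reuses the router's own address")
    # Network and broadcast addresses cannot be assigned to a host.
    if ext.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{ext.ip} is the network or broadcast address of {net}")
    # is_private covers RFC 1918 and other non-global ranges; such
    # addresses belong only south of the firewall.
    if ext.ip.is_private:
        problems.append(f"external card {ext.ip} is a private address")
    if not inside.is_private:
        problems.append(f"internal card {inside} is not a private address")
    if inside in net:
        problems.append("internal card sits in the external subnet")
    return problems


def usable_hosts(external_ip, external_mask):
    """List the assignable host addresses in the external subnet."""
    net = ipaddress.ip_interface(f"{external_ip}/{external_mask}").network
    return [str(h) for h in net.hosts()]


if __name__ == "__main__":
    # Values from the post; 192.168.1.1 is a constructed internal address.
    good = ("216.237.220.195", "255.255.255.248", "216.237.220.194", "192.168.1.1")
    print(check_isa_plan(*good))
    # A block of 8 addresses leaves 6 for hosts (router, ISA, 4 spare).
    print(usable_hosts(good[0], good[1]))
    # Constructed mistake: a private address on the North card.
    bad = ("192.168.1.2", "255.255.255.0", "216.237.220.194", "192.168.1.1")
    for p in check_isa_plan(*bad):
        print("PROBLEM:", p)
```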
RE: The North and South Nic Card Approach - 8.Feb.2003 3:28:00 PM
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Paul,
assuming you have 8 public routable IPs, 'paulk' is very right! The North or external interface of ISA *and* the Cisco router should be on the same public routable networkID.
HTH, Stefaan
RE: The North and South Nic Card Approach - 8.Feb.2003 10:31:00 PM
pbanks
Posts: 9
Joined: 2.Feb.2003
Status: offline
Thanks guys. I'm going to try it this weekend. Have a good one.
Paul
RE: The North and South Nic Card Approach - 14.Feb.2003 5:02:00 AM
Bob O
Posts: 1
Joined: 13.Feb.2003
From: New Jersey
Status: offline
I have also read the article about the North South NIC Card configuration. The concern I have is that I am using SBS 2000 and ISA is already installed and it says that it is running. I know it is not configured correctly. What steps should I take?