Welcome to ISAserver.org
Trihomed ISA 2004 server, routing traffic
Trihomed ISA 2004 server, routing traffic - 23.May2005 8:33:00 AM
mbassie
Posts: 36
Joined: 23.Mar.2005
Status: offline
Hi,
I'm looking for pointers about configuring a trihomed ISA server.
Currently, my ISA server has 2 interfaces: an external and an internal. Routing and publishing in this setup are no-brainers; there are no great issues. We publish a number of services on a fixed IP address (OWA, Intranet, SMTP, VPN) and have a VPN connection to a second site.
Last Friday, we received our additional ADSL line to remove trivial internet traffic from our main connection (HTTP browsing, FTP downloads etc). I'm trying to figure out what the best method of configuring this is with ISA Server 2004.
In this new situation, the ISA server has 3 network interfaces:
IF1 - Fixed, routed public IP address for SMTP/intranet services
IF2 - One IP address on the internal network - 192.168.0.0/23
IF3 - One IP address on a NAT'ed network to the ADSL router - 192.168.254.0/24
My goal is to keep receiving the published web services on IF1 (this should require no change), to route the outgoing VPN (and possibly SMTP) traffic through IF1, and to route all other internet traffic through IF3. The external VPN endpoint and the SMTP relay server both have fixed IP addresses, so I think this might be fixed by setting the default route to the ADSL router, and adding static routes for the SMTP relay and VPN endpoint. I'm assuming the published services will still respond on their configured interfaces, regardless of the newfangled routes.

Can anyone see any snags when implementing this? Anything particular I'd need to pay attention to?
-M [ May 23, 2005, 08:34 AM: Message edited by: mbassie ]
RE: Trihomed ISA 2004 server, routing traffic - 23.May2005 10:27:00 AM
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi M,
Multiple Internet connections = RainConnect.
Check it out at www.rainfinity.com
HTH, Tom
RE: Trihomed ISA 2004 server, routing traffic - 30.May2005 9:56:00 AM
mbassie
Posts: 36
Joined: 23.Mar.2005
Status: offline
Hi Tom,
I wasn't really looking for redundancy, so I played around a bit this weekend, before running into that brick wall pointing me at a tool like RainConnect.
I did find out the following: As long as you -only- have outgoing traffic, you can use simple routing table entries to split it up by network or IP address - so, if you have dedicated (outgoing) VPN connections over one connection, and trivial traffic on another, you can set a default route over the trivial one, and create routing table entries (and accompanying rules) for the VPN IPs.
In a similar case, if you receive requests for published sites or services on the interface with a default gateway, ISA will be able to return proper responses. If the published services live on another connection, it's likely return traffic will fail.
Of course, there's no way to split by protocol.
I'll be able to solve my problem by adding a second ISA server in the same network, setting that as default gateway, and having it route the VPN subnets to the first ISA server. It's not the prettiest solution, but the most affordable at this time.
-Martin
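The routing behaviour discussed in this thread, as an added example that is not part of any poster's message: a simplified model of a destination-based routing table (longest-prefix match), not ISA Server's own logic. Only the two private subnets come from the thread; the public addresses, the VPN endpoint, the SMTP relay and the function names are constructed placeholders.

```python
import ipaddress

# Constructed sample values: only the two private subnets come from the thread.
# Public addresses use documentation ranges (RFC 5737) as placeholders.
ROUTES = [
    # (destination prefix, outgoing interface)
    ("0.0.0.0/0",        "IF3"),  # default route via the ADSL router
    ("192.168.0.0/23",   "IF2"),  # internal network (directly connected)
    ("192.168.254.0/24", "IF3"),  # NAT'ed network to the ADSL router
    ("203.0.113.0/24",   "IF1"),  # fixed public subnet (directly connected)
    ("198.51.100.10/32", "IF1"),  # static route: remote VPN endpoint
    ("198.51.100.25/32", "IF1"),  # static route: SMTP relay
]

def parse(routes):
    return [(ipaddress.ip_network(p), ifc) for p, ifc in routes]

def egress(dst, routes=ROUTES):
    """Longest-prefix match on the destination IP only. Protocol and port
    are not inputs, which is why traffic cannot be split by protocol."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, ifc) for net, ifc in parse(routes) if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def reply_is_symmetric(client_ip, arrived_on, routes=ROUTES):
    """A reply to an inbound client leaves via egress(client_ip); it matches
    the arrival interface only if the table happens to point back there."""
    return egress(client_ip, routes) == arrived_on

if __name__ == "__main__":
    for name, dst in [("VPN endpoint", "198.51.100.10"),
                      ("SMTP relay", "198.51.100.25"),
                      ("web browsing", "192.0.2.80")]:
        print(f"{name:13} -> {dst:15} leaves via {egress(dst)}")
    # Arbitrary Internet client reaching a service published on IF1:
    print("reply symmetric on IF1:", reply_is_symmetric("192.0.2.44", "IF1"))
    # Same client reaching a service on the default-gateway interface:
    print("reply symmetric on IF3:", reply_is_symmetric("192.0.2.44", "IF3"))
```

In this model the reply to a client that arrived on IF1 is sent out IF3, the asymmetric path that matches the failing return traffic described above for services published on the interface without the default gateway.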