Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Two Internet Gateways

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> Installation and Planning >> Two Internet Gateways Page: [1]
Login
Message << Older Topic   Newer Topic >>
Two Internet Gateways - 22.Mar.2007 3:38:38 PM   
tvmo

 

Posts: 12
Joined: 21.Mar.2007
Status: offline 		Hello

You'll have to excuse me if I'm a little naive, I'm pretty new to ISA.

I'm involved in a project to set up two ISA Server 2006 servers in an array. We have two Internet gateways guarded by two front-end Cisco PIX firewalls. The idea is to keep the PIX firewalls as front-end firewalls and the ISA array will be the back-end firewall/proxy.

Is there anyway that the two Internet gateways could be utilised in this scenario for load-balancing/resilience?

Be gentle with me.

Thanks
Post #: 1
RE: Two Internet Gateways - 1.Apr.2007 11:55:18 AM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline 		Does pix have any intelligence built in that supports NLB like functionality?

Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to tvmo)
Post #: 2
RE: Two Internet Gateways - 4.Apr.2007 1:38:51 PM   
cbuechler

 

Posts: 23
Joined: 20.Feb.2006
Status: offline 		Sounds like they have two separate Internet connections with two separate PIX firewalls. If that's indeed the case, first I would put both Internet connections on a single perimeter router, make the PIX's a failover pair, or active/active cluster if on PIX OS 7.0, configure whatever load balancing or specific routing is desired on the perimeter router, and install ISA as if it were a single Internet connection.

Then there are a number of ways, assuming the perimeter router is a Cisco, that you can use policy routing to direct the traffic to the desired Internet connection. You can use source or destination IP, IP protocol or TCP or UDP port, DiffServ which ISA can tag the packets with, amongst a number of other possibilities. I do something pretty similar to this at one site and it works great.

(in reply to tshinder)
Post #: 3
RE: Two Internet Gateways - 4.Apr.2007 3:02:45 PM   
tvmo

 

Posts: 12
Joined: 21.Mar.2007
Status: offline 		That's great thanks, that information was worth waiting for.

I'll have some questions up my sleave when I speak with the newtork guys now.

Thanks again.

(in reply to cbuechler)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> Installation and Planning >> Two Internet Gateways Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts