Welcome to ISAserver.org
RE: Communicating two private subnets
RE: Communicating two private subnets - 17.Jan.2006 10:41:28 AM
ana_beatriz
Posts: 20
Joined: 27.Dec.2005
Status: offline
Hi Tom, I know about firewall chaining, but what I understood from what I read in the documentation about it is that you have to redirect all requests of the same type to the same firewall, and what I need is to route to different firewalls depending on the domain requested. Is it possible to activate different routes for different domains using firewall chaining? Thanks,

RE: Communicating two private subnets - 18.Jan.2006 10:44:49 AM
ana_beatriz
Posts: 20
Joined: 27.Dec.2005
Status: offline
Hi Tom, Not really, because Policy Based Routing is used to communicate the same networks but using different routes; what we want is to communicate different networks based on their domain names (because all of them have the same internal network ID); the only difference between them is the domain name (domain1, domain2, domain3, ...). This is the reason we are interested in examining the application layer, to search for the FQDN of the machine and, with the domain name, send the packet to one destination or another. Then, when the packet arrives at the ISA server serving the other network, it examines the FQDN and retransmits to the proper internal machine. I think that it is possible using application filters programmed properly, but I think that it is not possible using only what is already implemented (maybe with the SOCKS v5 filter that I mentioned to you the other day). Do you have any other idea? Thanks a lot, Ana Beatriz Solana

RE: Communicating two private subnets - 19.Jan.2006 6:58:19 AM
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Ana, You could do this with publishing rules, both Web and Server Publishing rules. I sure would like to see an example network diagram of the exact configuration you're trying to accomplish. Thanks! Tom
_____________________________
Thomas W Shinder, M.D. Sr. Consultant/Technical Writer Prowess Consulting http://www.prowessconsulting.com/ Blog: http://blogs.isaserver.org/shinder/ GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
RE: Communicating two private subnets - 19.Jan.2006 12:36:23 PM
ana_beatriz
Posts: 20
Joined: 27.Dec.2005
Status: offline
Hi Tom, The exact situation is the following:

            10.0.0.1   163.10.2.5              163.158.92.25   10.0.0.1
Domain 1 ------ ISA server ----------- Internet ------------ ISA server ------ Domain 2
10.0.0.0/16                               |                                    10.0.0.0/16
                                          | 168.56.23.12
                                      ISA server
                                          | 10.0.0.1
                                       Domain 3
                                      10.0.0.0/16

Each of these domains has the same range of private IP addresses, and all of their machines may want to communicate with any machine in any other subnet, so it is not possible to make port mappings for all the possible combinations. The solution could be routing by FQDN because the names of the domains are different, so having different DNS zones we could reach any subnet and internally resolve the IP address; it is like IPNL. Thanks,

RE: Communicating two private subnets - 20.Jan.2006 7:51:03 PM
ana_beatriz
Posts: 20
Joined: 27.Dec.2005
Status: offline
Hi Tom, Yes, all machines know the domain names of all of the machines (because all machines in the private subnets have the same names but with different domain names. Example: a.domain1, b.domain1; a.domain2, b.domain2; a.domain3, b.domain3). Thanks, ana bea

RE: Communicating two private subnets - 23.Jan.2006 9:29:26 AM
ana_beatriz
Posts: 20
Joined: 27.Dec.2005
Status: offline
Hi Tom, It doesn't really matter to us; the only important thing is that each domain is served by a different DNS server. If the solution consists of creating different ADs, we will consider that possibility. Thanks, ana bea

RE: Communicating two private subnets - 24.Jan.2006 9:37:39 AM
ana_beatriz
Posts: 20
Joined: 27.Dec.2005
Status: offline
Hi, Yes, but the problem is that if I want to publish the same protocol for different machines I couldn't use the same port, could I? So, there isn't anything in ISA to perform FQDN routing, is there? Thanks, ana beatriz

RE: Communicating two private subnets - 24.Jan.2006 3:20:51 PM
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Ana, Sure you can. You just need to use another IP address. DNS is responsible for name resolution, so there's no problem with that either. Make sense? Tom
_____________________________
Thomas W Shinder, M.D. Sr. Consultant/Technical Writer Prowess Consulting http://www.prowessconsulting.com/ Blog: http://blogs.isaserver.org/shinder/ GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
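
Added example (not part of the original posts and not ISA Server code): a small Python model of the two publishing styles discussed in this thread. An HTTP request carries the requested name, so several internal servers can share one public address and port with unknown names denied by default, while a protocol that carries no name can only be separated by listening address and port. All rule names, addresses and the port number are constructed for illustration.

```python
# Added example, not ISA Server code. Names follow the thread's a.domain2 /
# b.domain2 pattern; every address and rule name is constructed for illustration.
WEB_RULES = {                      # public name -> internal server
    "a.domain2": "10.0.0.11",
    "b.domain2": "10.0.0.12",
}

def host_from_request(raw: bytes):
    """Return the normalized Host header of an HTTP request, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = [line.split(":", 1)[1].strip()
             for line in head.split("\r\n")[1:]
             if line.lower().startswith("host:")]
    if len(hosts) != 1:            # missing or repeated Host: refuse to guess
        return None
    return hosts[0].partition(":")[0].lower().rstrip(".")

def route_web(raw: bytes):
    """Name-based dispatch on one public IP and port; None means deny."""
    return WEB_RULES.get(host_from_request(raw))

def listener_conflicts(rules):
    """Address-based publishing: report rules that share (ip, proto, port)."""
    seen, clashes = {}, []
    for name, ip, proto, port, _target in rules:
        key = (ip, proto, port)
        if key in seen:
            clashes.append((seen[key], name))
        else:
            seen[key] = name
    return clashes

ONE_PUBLIC_IP = [                  # same protocol, same port, one address
    ("svc-a", "198.51.100.10", "tcp", 3389, "10.0.0.11"),
    ("svc-b", "198.51.100.10", "tcp", 3389, "10.0.0.12"),
]
TWO_PUBLIC_IPS = [                 # same protocol and port, second address
    ("svc-a", "198.51.100.10", "tcp", 3389, "10.0.0.11"),
    ("svc-b", "198.51.100.11", "tcp", 3389, "10.0.0.12"),
]

if __name__ == "__main__":
    print(route_web(b"GET / HTTP/1.1\r\nHost: B.domain2:80\r\n\r\n"))
    print(route_web(b"GET / HTTP/1.1\r\nHost: a.domain9\r\n\r\n"))
    print(listener_conflicts(ONE_PUBLIC_IP), listener_conflicts(TWO_PUBLIC_IPS))
```
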
RE: Communicating two private subnets - 26.Jan.2006 9:16:32 AM
ana_beatriz
Posts: 20
Joined: 27.Dec.2005
Status: offline
Hi Tom, Not really, because I only have one public IP address to serve my private subnet. So my idea was that all traffic for a protocol would arrive at the ISA machine, and there it would resolve the DNS name (of the destination machines in the private subnet) and send the traffic to them. Thanks, ana bea

RE: Communicating two private subnets - 26.Jan.2006 10:52:58 AM
ana_beatriz
Posts: 20
Joined: 27.Dec.2005
Status: offline
Hi again Tom, I have another, different question now. How can I publish a service that is on the same machine as ISA Server 2004? I am going to have SBS 2003 installed. So, I want to publish the service, but it is on the public interface; can I use the Server Publishing rules in a similar way? Thanks, ana bea

RE: Communicating two private subnets - 27.Jan.2006 5:12:47 PM
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
ORIGINAL: ana_beatriz
Hi again Tom, I have another, different question now. How can I publish a service that is on the same machine as ISA Server 2004? I am going to have SBS 2003 installed. So, I want to publish the service, but it is on the public interface; can I use the Server Publishing rules in a similar way? Thanks, ana bea

Hi Ana, Yes, but make sure you use the installation wizards with SBS, because there are many security and configuration compromises made when the ISA firewall software is installed on SBS. HTH, Tom
_____________________________
Thomas W Shinder, M.D. Sr. Consultant/Technical Writer Prowess Consulting http://www.prowessconsulting.com/ Blog: http://blogs.isaserver.org/shinder/ GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
RE: Communicating two private subnets - 27.Jan.2006 6:14:06 PM
ana_beatriz
Posts: 20
Joined: 27.Dec.2005
Status: offline
Thanks very much for everything, Tom. I think we are going to use the configuration with the needed services on the same ISA machine, so we will be careful. ana bea