• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

VPN to ISA Array

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> VPN >> VPN to ISA Array Page: [1]
Login
Message << Older Topic   Newer Topic >>
VPN to ISA Array - 4.Jul.2006 3:16:33 PM   
ijchase

 

Posts: 43
Joined: 6.Nov.2002
Status: offline
I am going to start building 2 new servers to replace our single ISA2000 VPN server hosting 350 concurrent connections.
The 2 new servers have to cope with approx 1000 concurrent VPN connections so we are looking at implimenting an ISA 2004 Array for this... but I have a nagging feeling that there will be an issue with the NLB on the array and the front Firewall (Pix) that does NAT Translation.

Can anyone confirm there will be an issue or not?
Post #: 1
RE: VPN to ISA Array - 7.Jul.2006 9:26:14 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi I,

There could be. How about giving the ISA firewall array publiic addresses and routing? The ISA firewall array is a lot more secure than a PIX anyhow, so I don't see the PIX offering much in terms of security.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to ijchase)
Post #: 2
RE: VPN to ISA Array - 10.Jul.2006 3:20:00 PM   
ijchase

 

Posts: 43
Joined: 6.Nov.2002
Status: offline
Hi Tom,
Unfortunately company policy demands back to back firewalls with the ISA being the back firewall.
The Pix is the development Front End Firewall, until we move it to the main Cisco DMZ network which our department has no control over. They mandate natting within the DMZ network so we have to build the servers in an identical enviriment.


Regards
Ian

(in reply to tshinder)
Post #: 3
RE: VPN to ISA Array - 10.Jul.2006 6:20:15 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Ian,

Will the front-end NAT device preserve the original client IP address?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to ijchase)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> VPN >> VPN to ISA Array Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts