Hi Tom, I'm still suffering with NLB on the external interface, as I informed you in my last post (NLB on external).
I'm working for a small company that has a NAT router (Vigor 2900 router) in front of the ISA server. The Vigor makes a PPTP connection through the ADSL modem to the Internet. In the router setup I made port mappings for services like SMTP, HTTP, HTTPS, etc. All traffic through the router passes the ISA server's external interface.
As I mentioned before, I got internal NLB working. But for some reason I lose the Internet connection when I enable NLB on the external interface. The configuration is OK, I'm sure about it. The company wants load balancing for publishing services on the external interface. That is one of the benefits.
I also checked with Netmon and Ethereal to see what's going wrong, but I can't find anything. I think myself it has something to do with the NAT device in front of the ISA, but I'm wondering why it's working for the inside and not the outside.
I have spent a lot of time solving this issue, but the company now demands a quick solution and asked me to look for alternatives. I saw Rainwall could be a good alternative, but my question is: could it solve the problem I have? I looked for a trial version of Rainwall to test it out, but since EMC took over it's not available for trial anymore. I want to try it out first before I buy the software; if I buy first and it's not the right solution, I'm wasting a lot of money. I contacted EMC for a trial, but they never responded to me. Do you have an idea where I can find Rainwall for testing purposes?
It could be the NAT device, but it's not NAT itself.
For example, on the network from which I'm writing this message, there is a front-end ISA firewall and a back-end ISA firewall array that has NLB enabled on both the internal and external interfaces. Both the front-end and back-end ISA firewalls are performing NAT. In addition, there is a NAT device in front of the front-end ISA firewall (required for FiOS services).
I also think it is not NAT itself. On your network, does the NAT device have the connection to the Internet as in my situation? It is strange, because all services are running when I enable NLB on the external interface and everything looks green in the monitor log. I think it has something to do with the external connection, whose gateway points to the router's IP. Without NLB everything works fine, so in my point of view the connection between the router and the ISA to the Internet works fine. I can try with a direct modem Internet connection and unplug the router for a while to make sure whether the router is the problem or not. By the way, is the NLB from Windows Server 2003 something different from the NLB in ISA Server, or does it work the same way? If you have any suggestions please let me know, and thanks so far.
PS: Could DNS be an issue? I'm using an internal DNS server that resolves through the external DNS of the ISP.
< Message edited by andfirth -- 7.Jul.2006 1:09:40 AM >
Internet | FiOS NAT Device | ISA Firewall | ISA Firewall Array | Clients and Servers
The FiOS NAT device, the front-end ISA firewall, and the ISA firewall array all perform NAT. I don't think DNS is an issue.
Maybe your NAT device doesn't work with Unicast mode? Unicast mode does change the MAC addresses and assigns bogus MAC addresses to fool the switch. The device in front of the ISA firewall array should be able to read the actual NLB array MAC address from the ARP/RARP messages.
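
Added illustration (not part of the thread): a Python check for the unicast MAC behaviour mentioned above. It derives the MAC that Windows NLB assigns to a cluster IP (02-BF plus the four IP octets in unicast mode) and compares it with what the upstream device holds in its ARP table. The virtual IP, the ARP lines and the function names are constructed for this example.

```python
import re

def nlb_cluster_mac(vip: str, mode: str = "unicast") -> str:
    """Return the MAC Windows NLB derives from the cluster (virtual) IP."""
    octets = [int(o) for o in vip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {vip!r}")
    if mode == "unicast":        # 02-BF-w-x-y-z
        mac = [0x02, 0xBF] + octets
    elif mode == "multicast":    # 03-BF-w-x-y-z
        mac = [0x03, 0xBF] + octets
    elif mode == "igmp":         # 01-00-5E-7F-y-z
        mac = [0x01, 0x00, 0x5E, 0x7F] + octets[2:]
    else:
        raise ValueError(f"unknown NLB mode: {mode!r}")
    return "-".join(f"{b:02x}" for b in mac)

# Matches "<ip> <mac>" in typical ARP table output (dash or colon separated).
ARP_LINE = re.compile(
    r"(\d+\.\d+\.\d+\.\d+)\s+([0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})"
)

def check_arp(arp_text: str, vip: str, mode: str = "unicast") -> dict:
    """Compare the upstream device's ARP entry for the VIP with the NLB MAC."""
    expected = nlb_cluster_mac(vip, mode)
    for line in arp_text.splitlines():
        m = ARP_LINE.search(line)
        if m and m.group(1) == vip:
            seen = m.group(2).lower().replace(":", "-")
            return {"expected": expected, "seen": seen, "match": seen == expected}
    return {"expected": expected, "seen": None, "match": False}

# Constructed sample: ARP table as an upstream router might show it.
# In the first table the router cached a node's physical NIC MAC for the VIP,
# so only that one node would receive traffic sent to the cluster address.
STALE_ARP = """\
192.168.1.1     00-50-7f-11-22-33   dynamic
192.168.1.10    00-0c-29-aa-bb-01   dynamic
"""
GOOD_ARP = """\
192.168.1.1     00-50-7f-11-22-33   dynamic
192.168.1.10    02:BF:C0:A8:01:0A   dynamic
"""

if __name__ == "__main__":
    for name, table in (("stale", STALE_ARP), ("good", GOOD_ARP)):
        print(name, check_arp(table, "192.168.1.10"))
```
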