
Welcome to ISAserver.org


nlb general question

nlb general question - 6.Jul.2006 4:25:17 PM   
andfirth

 

Posts: 83
Joined: 19.Feb.2004
From: Netherlands
Status: offline
Hi Tom,
I'm still suffering with NLB on the external interface, as I informed you in my last post (nlb on external).

I'm working for a small company that has a NAT router (Vigor 2900 router) in front of the ISA server. The Vigor makes a PPTP connection through the ADSL modem to the Internet. In the router setup I made port mappings for services like SMTP, HTTP, HTTPS, etc. All traffic through the router passes the ISA server's external interface.

As I mentioned before, I got internal NLB working. But for some reason I lose the Internet connection when I enable NLB on the external interface. The configuration is OK, I'm sure about it. The company wants load balancing for publishing services on the external interface. That is one of the benefits.

I also checked with Netmon and Ethereal what's going wrong, but I can't find anything. I think myself it has something to do with the NAT device in front of the ISA, but I'm wondering why it's working for the inside and not the outside.

I spent a lot of time solving this issue, but the company now demands a quick solution and asked me to look for alternatives. I saw Rainwall could be a good alternative, but my question is: could it solve the problem I have?
I looked for a trial version of Rainwall to test it out, but since EMC took over it's not available for trial anymore.
I want to try it out first before I buy the software; if I buy first and it's not the right solution, I'm wasting a lot of money.
I contacted EMC for a trial, but they never responded to me.
Do you have an idea where I can find Rainwall for testing purposes?

Thanks, Andy
Post #: 1
RE: nlb general question - 6.Jul.2006 4:32:40 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Andy,

It could be the NAT device, but it's not NAT itself.

For example, on the network that I'm writing this message, there is a front-end ISA firewall and a back-end ISA firewall array that has NLB enabled on both the internal and external interfaces. Both the front-end and back-end ISA firewalls are performing NAT. In addition, there is a NAT device in front of the front-end ISA firewall (required for FiOS services).

So, NAT is not an issue.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to andfirth)
Post #: 2
RE: nlb general question - 6.Jul.2006 10:09:28 PM   
andfirth

 

Posts: 83
Joined: 19.Feb.2004
From: Netherlands
Status: offline
Hi Tom, thanks for your reply.

I also think it is not NAT itself.
On your network, does the NAT device have the connection to the Internet, as in my situation?
It is strange, because all services are running when I enable NLB on the external interface and everything looks green in the monitor log. I think it has something to do with the external connection, whose gateway points to the router's IP. Without NLB everything works fine, so from my point of view the connection between the router and the ISA to the Internet works fine. I can try a direct modem Internet connection and unplug the router for a while to find out whether the router is the problem or not.
By the way, is the NLB from Windows Server 2003 something different from the NLB in ISA Server, or does it work the same way?
If you have any suggestions, please let me know, and thanks so far.

Andy

P.S. Could DNS be an issue? I'm using an internal DNS server that resolves through the external DNS of the ISP.



< Message edited by andfirth -- 7.Jul.2006 1:09:40 AM >

(in reply to tshinder)
Post #: 3
RE: nlb general question - 9.Jul.2006 8:06:26 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Andy,

Here is my network:

Internet
  |
FiOS NAT Device
  |
ISA Firewall
  |
ISA Firewall Array
  |
Clients and Servers

The FiOS NAT device, the front-end ISA firewall, and the ISA firewall array all perform NAT.
I don't think DNS is an issue.

Maybe your NAT device doesn't work with Unicast mode? Unicast mode does change the MAC addresses and assigns bogus MAC addresses to fool the switch. The device in front of the ISA firewall array should be able to read the actual NLB array MAC address from the ARP/RARP messages.

HTH,
Tom


_____________________________

Thomas W Shinder, M.D.

(in reply to andfirth)
Post #: 4
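
Added example, not part of the thread and not written by either poster: a small Python parser that takes a captured ARP reply and compares the Ethernet source MAC with the sender MAC inside the ARP payload, which is the difference unicast-mode NLB introduces. It assumes the documented NLB unicast convention (cluster MAC `02-BF-<cluster IP>`, masked per-host source MAC `02-<host ID>-<cluster IP>`); the frame, IP addresses, router MAC and host ID below are constructed.

```python
import ipaddress
import struct

def nlb_unicast_macs(cluster_ip, host_id):
    """NLB unicast convention: cluster MAC 02-BF-<IP>, masked host MAC 02-<host id>-<IP>."""
    octets = ipaddress.IPv4Address(cluster_ip).packed
    return bytes([0x02, 0xBF]) + octets, bytes([0x02, host_id]) + octets

def fmt(mac):
    return "-".join(f"{b:02X}" for b in mac)

def inspect_arp(frame, cluster_ip):
    """Compare the Ethernet source MAC with the sender MAC inside the ARP payload."""
    if len(frame) < 42:
        raise ValueError("too short for Ethernet + ARP")
    _dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    cluster_mac, _ = nlb_unicast_macs(cluster_ip, 0)
    sender_ip = str(ipaddress.IPv4Address(spa))
    return {
        "is_reply": oper == 2,
        "eth_src": fmt(eth_src),
        "arp_sender_mac": fmt(sha),
        "arp_sender_ip": sender_ip,
        # True when the ARP payload advertises the shared cluster MAC for the VIP
        "advertises_cluster_mac": sender_ip == cluster_ip and sha == cluster_mac,
        # True when the frame header carries a per-host masked MAC instead
        "source_masked": eth_src != sha and eth_src[0] == 0x02 and eth_src[2:] == sha[2:],
    }

def sample_reply():
    """Constructed ARP reply from NLB host 1 to an upstream router (all values made up)."""
    cluster_ip, router_ip = "192.0.2.10", "192.0.2.1"
    router_mac = bytes.fromhex("001122334455")
    cluster_mac, masked = nlb_unicast_macs(cluster_ip, 1)
    eth = router_mac + masked + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 2, cluster_mac,
                      ipaddress.IPv4Address(cluster_ip).packed, router_mac,
                      ipaddress.IPv4Address(router_ip).packed)
    return eth + arp

if __name__ == "__main__":
    for key, value in inspect_arp(sample_reply(), "192.0.2.10").items():
        print(f"{key}: {value}")
```

When both flags come back true on a real capture, the upstream device has to take the MAC for the cluster IP from the ARP payload; its ARP table entry for that IP should then show the `02-BF-…` address rather than a per-host one.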
