ISA 2006 NLB with multiple Networks (Full Version)


vhowell -> ISA 2006 NLB with multiple Networks (23.May2008 10:17:28 AM)

I have two ISA 2006 EE servers. I want to be able to Load Balance them using integrated NLB. I have made two attempts with little success.
My network consists of 4 networks (NICs): External (the Internet), Internal (Faculty and Staff), Dorms, and DMZ.
I have servers in the Internal Network, (DNS, DHCP, AD, Terminal servers, and some www servers) that need to be accessed by the internal network, Dorm network and in some special cases by machines located in the DMZ and External networks.
I have a NAT rule for Internal, Dorms, and DMZ to the Internet. I have Route rules set up for access from Dorms to Internal, Dorms to DMZ, Internal to DMZ, DMZ to Internal, and VPN clients to Internal, Dorms and DMZ.

On my first attempt very little worked. I could not access some resources located on the internal network from the Dorms net or the DMZ. I could connect to web pages located in the DMZ (Web publish rules) but I could not SSH to servers in the DMZ (Access rules). I ran across this article
http://blogs.technet.com/isablog/archive/2008/03/12/bi-directional-affinity-in-isa-server.aspx
that seemed to indicate that I needed to change the source and destination networks in my Route Network Rules. I did this and was able to get things to work to the DMZ. However, I was still unable to get things to work from the Internet to the Internal network. I could access servers located in the DMZ but I could not access terminal servers located on the internal network or www servers located on the internal network. Strangely enough, I could access our SharePoint Portal server, which is located on the internal network, from anywhere. It worked without any problems. We worked on it for several hours with strange results. I eventually turned back on our old single ISA 2006 server to get the network back up.

I had run across the article on NLB BiDirectional Affinity on ISA server 2004 SE and read it. I noticed a statement in the section on BDA Limitations that said "If you have networks A, B and C, there is no way to define RevHash on each, such that all three pairs (A,B; B,C; A,C) have complementary relations." Does this mean that NLB will not work in my multiple network configuration?

Any help on this would be greatly appreciated.

Thanks
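
The BDA limitation quoted in the post can be checked mechanically. The following is an added example, not part of the original post and not ISA Server code: it models only the quoted statement (one RevHash flag per network, a routed pair is complementary when the two flags differ), uses the three route relationships the post lists between Internal, Dorms and DMZ, and leaves out the NAT rules and VPN clients; the function names are hypothetical.

```python
from collections import deque

# Route relationships between NIC networks, as listed in the post.
POST_NETWORKS = ["Internal", "Dorms", "DMZ"]
POST_ROUTE_PAIRS = [("Dorms", "Internal"), ("Dorms", "DMZ"), ("Internal", "DMZ")]

def assign_revhash(networks, routed_pairs):
    """Try to give each network one RevHash flag so every routed pair differs.

    Returns (flags, None) on success, or (None, cycle) where cycle is an
    odd-length loop of networks that rules out a complementary assignment.
    """
    adj = {n: [] for n in networks}
    for a, b in routed_pairs:
        adj[a].append(b)
        adj[b].append(a)
    flags, parent = {}, {}
    for start in networks:
        if start in flags:
            continue
        flags[start], parent[start] = False, None
        queue = deque([start])
        while queue:
            cur = queue.popleft()
            for nxt in adj[cur]:
                if nxt not in flags:
                    # Neighbour across a route rule gets the opposite flag.
                    flags[nxt], parent[nxt] = not flags[cur], cur
                    queue.append(nxt)
                elif flags[nxt] == flags[cur]:
                    return None, _odd_cycle(cur, nxt, parent)
    return flags, None

def _odd_cycle(u, v, parent):
    """Walk both networks back to their common BFS ancestor to recover the loop."""
    path_u, path_v = [u], [v]
    while parent[path_u[-1]] is not None:
        path_u.append(parent[path_u[-1]])
    while parent[path_v[-1]] is not None:
        path_v.append(parent[path_v[-1]])
    # Trim the shared tail so both paths end at the lowest common ancestor.
    while len(path_u) > 1 and len(path_v) > 1 and path_u[-2] == path_v[-2]:
        path_u.pop()
        path_v.pop()
    return path_u + path_v[-2::-1]

if __name__ == "__main__":
    flags, cycle = assign_revhash(POST_NETWORKS, POST_ROUTE_PAIRS)
    print("assignment:", flags)
    print("conflicting loop:", cycle)
```

Under this model, any set of route relationships that contains an odd loop of networks has no complementary assignment, while a chain such as Dorms-Internal plus Internal-DMZ does.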



