Multiple VLAN on ISA Server 2006 (Full Version)

All Forums >> [ISA 2006 General] >> Installation and Planning



Message


ravan_16 -> Multiple VLAN on ISA Server 2006 (10.Mar.2009 6:02:53 AM)

Good Day to all,

I have few questions:

1.) Does ISA Server 2006 Standard Edition supports multiple VLAN
2.) If yes, How to configure.
3.)
I have multiple VLAN,S in my Network
10.10.10.x
10.10.20.x
10.10.30.x
ISA Server 2006 comes under 10.10.x.x VLAN.Clients under this VLAN can Access ISA Server to browse the web.
Clients on 10.20.x.x and 10.40.x.x cannot access the ISA SERVER.I cannot ping the ISA Server from these two VALN,S.
how can i configure VLAN access on the ISA SERVER.
Urgently Need to Solve this Issue.Please Advice

** I have already added all the subnets in Internal Network.
** I would be glad to provide more info to solve the issue.
** Thank You




Dumber -> RE: Multiple VLAN on ISA Server 2006 (10.Mar.2009 6:06:23 AM)

Make sure you have added static routes to those subnets.




ravan_16 -> RE: Multiple VLAN on ISA Server 2006 (10.Mar.2009 7:51:04 AM)

thanks for ur reply Dumber,

I am newbie to all of this.

1.) I shoud be adding the static route from the ISA Server machine right
2.) Earlier i did add a static route, but i think i cud be wrong. so could you show me on how to add a static route for given subnet for my case.

Thanks in advance




Dumber -> RE: Multiple VLAN on ISA Server 2006 (10.Mar.2009 8:52:53 AM)

The ISA server should know how to find the way to the clients.
To make it simple:
If you have set a default gateway then all traffic which ISA don't know in his routing table will be forwarded to his gateway.
In routing terms you have something like: 0.0.0.0 mask 0.0.0.0 <address default gateway>

So because ISA doesn't belong to the 10.20.x.x subnet (for example) and he doesn't know how to get there then it will be forwarded to the default gateway.

So to make sure that ISA knows the route the the 10.20.x.x subnet you need to add static routes something like:
Route add -p 10.20.x.x mask 255.255.0.0 <ip address internal layer 3 device>
The internal layer 3 device would re-route the traffic to the correct segment.

Actually this isn't an ISA issue but a misconfiguration in the networking part.

In more understandable words (sorry english is not my native language so if I make it more confusing.
See in this example the postal office as the ISA server.

If you need to send out a letter you usually bring it to the postal office for anything which you not really know or you don't want to drive it to.

However why would you bring it to your postal office if your letter has to go to your top floor.

Well your top floor isn't addressed by your postal office so the postal office would use his default route maby to the other end of the world (ok, it becomes a bit fictive [:D]

However if you tell to the postal office where he can find the top floor then he wouldn't send it out to the other end of the world....

although it sounds a bit confusing maybe I hope you understand what I mean.
Otherwise I can really recommend you to watch the pretty old (but still usable) video from warriors of the net.
http://www.warriorsofthe.net/




paulo.oliveira -> RE: Multiple VLAN on ISA Server 2006 (10.Mar.2009 5:07:34 PM)

Hi,

you can also check this article:

Designing An ISA Server Solution on a Complex Network

Regards,
Paulo Oliveira.




Dumber -> RE: Multiple VLAN on ISA Server 2006 (10.Mar.2009 6:03:57 PM)

Oh, I wasn't aware of that article but it probably explain it better than what I did... [:D]




paulo.oliveira -> RE: Multiple VLAN on ISA Server 2006 (11.Mar.2009 7:28:05 AM)

[:D][:D]




ravan_16 -> RE: Multiple VLAN on ISA Server 2006 (16.Mar.2009 10:23:01 AM)

hey guys,

Thanks a lot for guide on this matter. I manage to settle my problem. Have to add the static route correctly.

Static route my scenario:
Route add -p 10.20.x.x mask 255.255.0.0 10.10.x.x
Route add -p 10.30.x.x mask 255.255.0.0 10.10.x.x

1.) Does ISA Server 2006 Standard Edition supports multiple VLAN
    Yes, it does.

2.) If yes, How to configure.
    - Add static route on the machine that we install ISA server
    - Configure the Internal and External correctly. Than you ready to go




paulo.oliveira -> RE: Multiple VLAN on ISA Server 2006 (16.Mar.2009 5:39:24 PM)

Nice! Good work!

Regards,
Paulo Oliveira.




pwindell -> RE: Multiple VLAN on ISA Server 2006 (19.Mar.2009 9:59:51 AM)

Well I'm going to be a stick in the mud here and say that I don't think this was approached correctly.

If ISA is "dealing with VLANs" then the VLANs have to have a Virtual Nic (to go with the Virtual LAN).  Then each Virtual Nic would be treated as a separate Nic on the ISA.  This means that

1. there is No Static Routes
2. a separate Network Definition has to be created on the ISA to associate with each Virtual Nic.
3. Access Rules need to be created to allow traffic between the different Network Definitons.

If this is a Network Behind a Network design then the ISA is Not dealing with VLANs here because the VLANs never "touch" the ISA and therefore the VLANs are treated as regular subnets with a LAN router handling them "apart" from the ISA.




Jason Jones -> RE: Multiple VLAN on ISA Server 2006 (19.Mar.2009 10:04:34 AM)

quote:

ORIGINAL: pwindell

Well I'm going to be a stick in the mud here and say that I don't think this was approached correctly.

If ISA is "dealing with VLANs" then the VLANs have to have a Virtual Nic (to go with the Virtual LAN).  Then each Virtual Nic would be treated as a separate Nic on the ISA.  This means that

1. there is No Static Routes
2. a separate Network Definition has to be created on the ISA to associate with each Virtual Nic.
3. Access Rules need to be created to allow traffic between the different Network Definitons.

If this is a Network Behind a Network design then the ISA is Not dealing with VLANs here because the VLANs never "touch" the ISA and therefore the VLANs are treated as regular subnets with a LAN router handling them "apart" from the ISA.



Yep, what he said [:)]




franco -> RE: Multiple VLAN on ISA Server 2006 (28.May2009 9:03:36 AM)

Hi People i need help.
Do you know what is the exact number of VLANs that the ISA Server 2006 support?




paulo.oliveira -> RE: Multiple VLAN on ISA Server 2006 (28.May2009 10:28:39 AM)

Hi,

ISA firewall supports UNLIMITED networks. It means as much as your hardware can provide.

http://www.microsoft.com/Forefront/edgesecurity/isaserver/en/us/editions.aspx

Regards,
Paulo Oliveira.




franco -> RE: Multiple VLAN on ISA Server 2006 (29.May2009 12:54:57 AM)

Hi,
Let me tell you what happened with me. i have 18 VLANs and i want them to access the internet where i have 1 NIC and when i tried to add them, the ISA gave me an error that it doesn't support that number of VLANs.
Thank you..




Jason Jones -> RE: Multiple VLAN on ISA Server 2006 (29.May2009 5:28:52 AM)

Can you provide a screenshot of the error?

Do you have a LAN router (or layer 3 switch) behind ISA which provides the VLAN routing or do you want ISA to do this?

Cheers

JJ




Page: [1]