PAT (Full Version)

ldoodle -> PAT (26.Mar.2009 8:08:46 AM)

Hiya,

How usable is PAT in ISA 2006?

Basically, I have 6 services which need to be published, as well as 2 physical addresses for array members.

1.1.1.1 = FW1
1.1.1.2 = FW2
1.1.1.3 = VPN
1.1.1.4 = SMTP
1.1.1.5 = OWA
1.1.1.6 = Intranet
1.1.1.7 = RDP
1.1.1.8 = BES Server

We are changing ISP who have given us a /29 mask, but they require 3 addresses for their equipment. This leaves us only with 5 usable.

Is it possible to merge the above protocols and use PAT?

Basically, the question I'm asking is: is there a limitation as to what protocols can share the same external address and be directed to different physical servers?

I know you have to use host headers for web publishing rules, but what about server publishing rules?

Thanks




Jason Jones -> RE: PAT (26.Mar.2009 9:06:39 AM)

Hi ldoodle,

Different services can exist on the same IP address as long as their port requirements are different.

As you say, with HTTP you can share a single IP address and then use host headers to determine which publishing to send the request to.

If you are using HTTPS publishing, this will normally require a dedicated IP address per FQDN to match the certificate common name correctly; however, if you have a wildcard certificate you can then rely on host headers again (as above).

Server publishing rules are defined per protocol; hence you can have SMTP publishing and DNS publishing on the same IP address, but publishing to different published servers.

VPN is an interesting one, as I don't think you can reconfigure it to listen on a specific address; all addresses are included by default, I think... I tend to use the default external IP for VPN and routing; I then use other addresses for published services (that assumes I have enough addresses for elegance ;)).

Cheers

JJ
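
The sharing rules described in the reply above, as an added example that is not part of the original thread and is not ISA Server code: a small checker for a proposed address plan. It is a simplified model of the rules as stated in the reply, not of ISA's actual listener behaviour; the host names, certificate names and the `SMTP-2` rule are constructed for illustration.

```python
from collections import defaultdict

def cert_covers(cert_name, host):
    """True if the certificate name matches the host (wildcard = one leftmost label)."""
    if cert_name.startswith("*."):
        return "." in host and host.split(".", 1)[1].lower() == cert_name[2:].lower()
    return cert_name.lower() == host.lower()

def find_conflicts(plan):
    """Return (ip, port, rule names, reason) for every shared listener that cannot work."""
    groups = defaultdict(list)
    for rule in plan:
        groups[(rule[1], rule[3], rule[4])].append(rule)   # key: IP, transport, port
    conflicts = []
    for (ip, _transport, port), rules in sorted(groups.items()):
        if len(rules) < 2:
            continue                                       # sole owner of the port
        names = sorted(r[0] for r in rules)
        kinds = {r[2] for r in rules}
        hosts = [r[5] for r in rules]
        certs = {r[6] for r in rules}
        if "server" in kinds or len(kinds) > 1:
            reason = "port already owned by another rule"
        elif None in hosts or len(set(hosts)) < len(hosts):
            reason = "web rules need distinct host headers"
        elif kinds == {"ssl"} and (len(certs) > 1
                                   or not all(cert_covers(r[6], r[5]) for r in rules)):
            reason = "one certificate must cover every host name"
        else:
            continue                                       # host headers separate the rules
        conflicts.append((ip, port, names, reason))
    return conflicts

# Constructed plans: (rule, external IP, kind, transport, port, host header, cert name)
# kind: "server" = server publishing rule, "web" = HTTP, "ssl" = HTTPS web publishing
GOOD_PLAN = [
    ("SMTP", "1.1.1.4", "server", "tcp", 25, None, None),
    ("RDP", "1.1.1.4", "server", "tcp", 3389, None, None),
    ("OWA", "1.1.1.5", "ssl", "tcp", 443, "owa.example.com", "*.example.com"),
    ("Intranet", "1.1.1.5", "ssl", "tcp", 443, "intranet.example.com", "*.example.com"),
]
BAD_PLAN = [
    ("SMTP", "1.1.1.4", "server", "tcp", 25, None, None),
    ("SMTP-2", "1.1.1.4", "server", "tcp", 25, None, None),
    ("OWA", "1.1.1.5", "ssl", "tcp", 443, "owa.example.com", "owa.example.com"),
    ("Intranet", "1.1.1.5", "ssl", "tcp", 443, "intranet.example.com", "owa.example.com"),
]

if __name__ == "__main__":
    for ip, port, names, reason in find_conflicts(BAD_PLAN):
        print(f"{ip}:{port} {names}: {reason}")
```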




paulo.oliveira -> RE: PAT (30.Mar.2009 9:12:40 AM)

Hi,

Agreed with Jason.
quote:

VPN is an interesting one, as I don't think you can reconfigure it to listen on a specific address; all addresses are included by default, I think... I tend to use the default external IP for VPN and routing; I then use other addresses for published services (that assumes I have enough addresses for elegance ;)).

And if I'm not mistaken, using secondary IPs for VPN connections can cause you some connection troubles.

Regards,
Paulo Oliveira.



