I'm assuming that if I remove the Array.dll script url from the Load Balancer, and replace it just with the IP:Port of the ISA servers, I'm losing the built in ISA failover?
which doesn't work. The reason for using that is because it has the address of the other server as the failover address.
Why would you configure the HLB to use the array script?
The values provided in the script are the REAL IP addresses so if one server is down, your HLB is providing little value - no?
Why do you care about ISA failover if you have HLB to do it properly? Surely the HLB should point to each ISA and then present them to users with a single virtualised IP or name? This way, if one of the ISA servers fails, the HLB will stop sending requests and balance all users via the remainging ISA server...
Maybe I have missed something, but I just don't get why you would use an array script if you have HLB...
But if it is a HLB then it would be altered to the virtual IP of the HLB? :8080/array.dll?Get.Routing.Script" target=_blank>http://<Virtual IP of HLB>:8080/array.dll?Get.Routing.Script Or do you do something completely different?
DNS resolves it to the load balancer, which then looks at your IP address. It then sends your connection to the ISA server nearest to you. If it cannot connect to it, it sends to the next ISA server in the list.
As for the original problem, I believe I fixed it.
Because we are using 1 nic, ALL IP ranges are listed in the Addresses tab. The Web Browser tab, had "Directly Connect to IP's listed in Addresses tab" checked off like someone earlier recommended.
This is why every IP was listed in the array.
I unchecked "Direct connect to IPs in Addresses tab" and added by INTERNAL ranges to the bypass list on the Web Browsers page, and everything is looking to work normally.
Although I'm still a little concerned since MS says there are bugs in listing both domain names and IP ranges in the bypass list.
Thanks to everyone here for the direct and indirect help. You guys got me to think about it from every angle which helped fix the issue.
But if it is a HLB then it would be altered to the virtual IP of the HLB? :8080/array.dll?Get.Routing.Script" target=_blank>http://<Virtual IP of HLB>:8080/array.dll?Get.Routing.Script Or do you do something completely different?
All you gain by that is balancing of the script; the script will still contain real, dedicated IP addresses not HLB/VIP addresses and you then bypass the HLB and connect direct...similar scenario when using ISA EE with NLB.
DNS resolves it to the load balancer, which then looks at your IP address. It then sends your connection to the ISA server nearest to you. If it cannot connect to it, it sends to the next ISA server in the list.
As for the original problem, I believe I fixed it.
Because we are using 1 nic, ALL IP ranges are listed in the Addresses tab. The Web Browser tab, had "Directly Connect to IP's listed in Addresses tab" checked off like someone earlier recommended.
This is why every IP was listed in the array.
I unchecked "Direct connect to IPs in Addresses tab" and added by INTERNAL ranges to the bypass list on the Web Browsers page, and everything is looking to work normally.
Although I'm still a little concerned since MS says there are bugs in listing both domain names and IP ranges in the bypass list.
Thanks to everyone here for the direct and indirect help. You guys got me to think about it from every angle which helped fix the issue.
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Printable Version
All Forums >> [ISA 2006 Firewall] >> General >> RE: Can't Access Websites By IP 
RE: Can't Access Websites By IP - 
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread