• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Public IP's in Perimeter

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> General >> Public IP's in Perimeter Page: [1]
Login
Message << Older Topic   Newer Topic >>
Public IP's in Perimeter - 20.Sep.2009 9:58:31 AM   
itts

 

Posts: 2
Joined: 20.Sep.2009
Status: offline
Hi Folks,
I'm planning on doing some reconfiguration of our ISA 2006 box and I'd just like to check that what I have in mind is going to achieve what I think it will.
At the moment we have ISA configured as a 3-leg with the perimeter network set up using NAT and a private IP range.
The problem I have is some servers within the perimeter that need to go off and connect to the internet but ideally need to connect from their own IP addresses, whereas at the moment because we are using NAT they all appear to come from the ISA servers' public IP.
Firstly, if I change this configuration to use a route relationship between the internet and the perimeter and assign these servers Public IP addresses, then will traffic originating from them appear to come from their new Public IP addresses instead of the ISA's public IP?.
Secondly, if this is going to work and doesn't have any major down sides then exactly how do I configure the perimeter side of the ISA server and the upstream router? I have a block of 16 Public IP's 195.xxx.xxx.64/28 and I intend to subnet off 195.xxx.xxx.72/29 for the perimeter.  Am I right that 72 will be the network ID, so I should assign 73 to the perimeter interface on the ISA server, and that 73 should be the default gateway for all the machines within the perimeter?
Thirdly, once this is done how should I configure the upstream router to pass all traffic to ISA for the perimeter? Currently the ISA has the IP of 195.xxx.xxx.66, should I leave this unchanged and use this as the IP for the router to forward traffic to for the new subnet, or does the external interface have to be configured with the new subnet Network ID or an IP in the new subnet to be able to route traffic to it?
Thanks in advance,
Ed
Post #: 1
RE: Public IP's in Perimeter - 20.Sep.2009 12:13:13 PM   
ferrix

 

Posts: 547
Joined: 16.Mar.2005
Status: offline
If you want to keep it using NAT, you could assign several public IPs to ISA and use IP Binder to select which outbound connections will use which addresses.  TCP only, it doesn't map UDPs.

(in reply to itts)
Post #: 2
RE: Public IP's in Perimeter - 21.Sep.2009 4:39:17 AM   
itts

 

Posts: 2
Joined: 20.Sep.2009
Status: offline
Thanks for the info, but although it looks like a useful little tool unless there are any pressing reasons to stick with NAT over Route then I'd probably be inclined to switch to a Route perimeter.

(in reply to ferrix)
Post #: 3
RE: Public IP's in Perimeter - 21.Sep.2009 7:47:25 AM   
ferrix

 

Posts: 547
Joined: 16.Mar.2005
Status: offline
Ah, I wasn't sure from your post which way you were preferring.

(in reply to itts)
Post #: 4
RE: Public IP's in Perimeter - 27.Sep.2009 10:15:56 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
I prefer to use NAT because you're going to lose some addresses when you subnet the block.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to ferrix)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> General >> Public IP's in Perimeter Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts