• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

default gateway ISA or CISCO

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> General >> default gateway ISA or CISCO Page: [1]
Login
Message << Older Topic   Newer Topic >>
default gateway ISA or CISCO - 24.May2011 9:18:25 AM   
dieselbee

 

Posts: 3
Joined: 24.May2011
Status: offline 		I have the following scenario:
1 headquarter , 2 remote sites. Each site is having 2 connections: 1 internet 1 vpn.
3 cisco routers connect together the vpn links and all 3 sites, each of them having 2 interfaces.
In headquarter I have ISA 2006 as firewall and internet gateway.

The actual setup in headquarter points all workstations towards the cisco equipment, which decides who goes where, ISA being the default gateway of cisco.

Does anyone have a good reason for changing ISA to be the default gateway for the local lan, routing the packets intended to the remote sites towards the cisco?
Post #: 1
RE: default gateway ISA or CISCO - 27.May2011 2:27:08 PM   
pwindell

 

Posts: 2228
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline 		Does anyone have a good reason for changing ISA to be the default gateway for the local lan, routing the packets intended to the remote sites towards the cisco?

No.  Because it would be wrong,...bad,...
Asynchonous Routing = Evil

You are already doing it correctly.  The VPN Device is "doubling" as both a VPN Router and a LAN Router,..which then uses the local ISA as it's Default Gateway.  This keep the routing Synchronous
Synchronous Routing  = Heavenly

_____________________________

Phillip Windell

(in reply to dieselbee)
Post #: 2
RE: default gateway ISA or CISCO - 28.May2011 7:19:35 AM   
dieselbee

 

Posts: 3
Joined: 24.May2011
Status: offline 		Hi there

Thank you for the answer. Is this sinchronous or asyncronous routing documented somewhere? I mean my setup was somehow logical, putting the most clever equipment first and then the dumber one, but few others from the tech dept. are questioning my decision.
I would like to reply them somehow documented :-)

(in reply to pwindell)
Post #: 3
RE: default gateway ISA or CISCO - 31.May2011 9:44:19 AM   
pwindell

 

Posts: 2228
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline 		It has nothing to do with smart equipment or dumb equipment.  It is the way TCP/IP functions and how sessions state is maintained an monitored.  If you receive an ACK packet without out ever receiving the SYN packet that proceeded it then the session state is broken (or spoofed) and should be dropped.  The only thing the "dumb" equipment does is not monitor the state and lets the traffic pass when it shouldn't.

The Official SBS Blog : Network Behind a Network
http://blogs.technet.com/sbs/archive/2007/11/29/network-behind-a-network.aspx

Network Behind A Network (2004) - v1.1
http://www.isaserver.org/articles/2004netinnet.html

Advanced ISA Firewall Configuration: "Network Behind a Network" Scenarios
http://www.isaserver.org/tutorials/Advanced-ISA-Firewall-Configuration-Network-Behind-Network-Scenarios.html

_____________________________

Phillip Windell

(in reply to dieselbee)
Post #: 4
RE: default gateway ISA or CISCO - 31.May2011 10:14:38 AM   
dieselbee

 

Posts: 3
Joined: 24.May2011
Status: offline 		Thanks mate

Plenty to read, hopefully I'll get to a point when I can sustain my config.

Keep up the good work :-)

(in reply to pwindell)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> General >> default gateway ISA or CISCO Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts