• Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Help rectifying ISA Layout

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> General >> Help rectifying ISA Layout Page: [1]
Message << Older Topic   Newer Topic >>
Help rectifying ISA Layout - 31.Jul.2013 3:30:33 AM   


Posts: 1
Joined: 31.Jul.2013
Status: offline
Hi, I need some help optimizing the ISA server network layout at a client. My knowledge of ISA is limited to what i've learned fixing their rules and modifying their network setup.

Here is the layout as it is now.
* Their remote branches break into the head office via dedicated lines and access internet via the head office ISA server.
* The head office has 2 internet links from 2 different ISP's. All the internet/web traffic passes through ISP A. All their email traffic (they have a cloud hosted exchange service) goes out via ISP B. This is done via static routes on the ISA server
* The ISA server is set as the head office gateway
* ISA is setup as edge firewall

I am aware of the two main issues here which is the network behind a network and the fact that ISA doesnt support 2 WAN links.

I have gotten around the network behind network issue (which was causing dropped traffic because the ISA was only seeing half of the comms between the remote branches and the servers) by adding the branches network ranges to the ISA internal network and putting static routes on their Small Business Server to send traffic meant for other branches directly there and not to go to the ISA server first. I read I could also just change the Small Bus Server to use the Breakout router as it s gateway and set the breakout router to use the ISA server as gateway.

The other issue is the 2 wan links.
As mentioned, different traffic is split across the links but if one of the links goes down then the other must take over duties. At the moment this is done with static routes with different metrics. But ive had some issue with this cause I'm not 100% sure how to set the network layout and rules on the ISA Server for their hosted exchange via ISP B.

Should I create a network for the hosted exchange NIC? Should I add the hosted exchange server IP's in there also? Or should I just leave that whole thing out and let the static routes handle it?

What would be the optimal layout for this situation? Stick a cisco router in front of the ISA to deal with the 2 ISP links?
Post #: 1
RE: Help rectifying ISA Layout - 11.Oct.2013 9:12:48 AM   


Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
The Hosted email link is going to have specific destination IPs (maybe only one) which would be the Mail Server that is hosted for them. So treat this link the same way you do the branch links and divorce the ISA from having anything to do with it (just like with the branch links). Logically it is no different than if the Mail Server existed at one of the branch locations.

There would be no fail over without manually reconfiguring the LAN's routing scheme and reconfiguring ISA's topology awareness every time the link went up or down.

You last comment is interesting too, yes that might be possible...but another option is to think "outside", not "inside". Have all outbound traffic go out the ISA (all meaning ALL),...the ISA with only two nics (Internal & External). Have the two WAN links come into the same Internet Router that sits outside the ISA. Have that router make all the decisions for where the Hosted mail traffic goes,...which would include the fail over if it is capable. This way the ISA does not have to be concerned with any of that. It may be possible that the Router that you already have on the outside of the ISA may already be capable.


Phillip Windell

(in reply to aburger82)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> General >> Help rectifying ISA Layout Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts