• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Supernetting + ISA = Possible?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Network Infrastructure >> Supernetting + ISA = Possible? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Supernetting + ISA = Possible? - 12.Aug.2004 12:51:00 AM   
grinn253

 

Posts: 76
Joined: 12.Jul.2004
From: Seattle
Status: offline
Hello all again "[Smile]"

So I have my normal /24 subnet of public IPs. I now understand that for ISA,
quote:
Its virtal that the Internal and external interfaces, and any other interfaces on the ISA firewall, all be located on different network IDs.
I would like to have some of those public IPs remain the same. So i've supernetted:

Original network IP range (/24):
128.208.125.0 - 128.208.125.255
Subnet mask 255.255.255.0

Proposed supernetted network IP ranges(/26):
128.208.125.1 - 128.208.125.63
128.208.125.64 - 128.208.126.127
128.208.125.128 - 128.208.125.191
128.208.125.192 - 128.208.125.255

Subnet mask that applies to the four 'networks' above is 255.255.255.192.

Alas! There are now 4 *different* networks from my original /24 network.

So the question is:
Can ISA route *properly* with a supernetted network? Such that

External NIC1 = 128.208.125.64/26 MASK 255.255.255.192 which encompasses:
128.208.125.65 - 128.208.125.126

Internal NIC2 = 128.208.125.0/26 MASK 255.255.255.192 which encompasses:
128.208.125.0 - 128.208.125.63

Internal NIC3 = 192.168.125.0/24 MASK 255.255.255.0 which encompasses:
192.168.125.0 - 192.168.125.255

The gateway remains (as it should, correct?) in the 'external' network/NIC with IP 128.208.125.100.

Once again, will ISA/Windows know where packets destined to the different supernetted networks belong to which NIC? "[Confused]" All suggestions welcome - even, "I don't knows" "[Big

Thank you all!
Edgardo

[ August 12, 2004, 12:53 AM: Message edited by: grinn253 ]
Post #: 1
RE: Supernetting + ISA = Possible? - 12.Aug.2004 5:34:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Edgardo,

Of course the ISA firewall will! Each NIC is assigned to a different subnet and each subnet is defined as a different network. You can then create Network Rules to control the route relationship between any two networks. You can set a route relationship between them all, or between some of them. You can even set a route relationship between Internal and External if you like.

The good thing is, no matter if you use Route or NAT, the same strong firewall stateful filtering and stateful application layer inspection is applied to all connections moving through the ISA firewall.

HTH,
Tom

(in reply to grinn253)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Network Infrastructure >> Supernetting + ISA = Possible? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts