• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Okay Router Time!

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Network Infrastructure >> Okay Router Time! Page: [1]
Login
Message << Older Topic   Newer Topic >>
Okay Router Time! - 15.Oct.2004 1:33:00 AM   
grinn253

 

Posts: 76
Joined: 12.Jul.2004
From: Seattle
Status: offline
Hello all,

So i've noticed a lot of threads regarding:
1) Routing of internal networks
2) How to turn off denials between internal subnets?
3) NetBIOS Problems!

Basically routing configuration questions.

So, is the simple answer to all of the above, utilize a router as the routing device that will connect the internal networks, and then place ISA as the routers default gateway? Therefore all internal traffic will be passed amongst the router, and external traffic will then go to ISA.

Does that 'defeat the purpose' of ISA also scanning internal networks? Perhaps, but as others mentioned, "allowing all protocols," amongst internal networks through ISA does not always reallyallow all. Especially the netbios broadcasts and multicasts -- during ghosting/imaging, & WINS registration (& network browsing?).

Basically, if I have questions similar to #1 to #3 above, would a router that bypasses ISA for internal traffic accomplish groovy internal routing? "[Embarrassed]" "[Big

Thoughts on using Windows Server 2003 as a router?
"[Cool]" ****Can ISA 2004 on Server 2003 utilize RRAS to route internal traffic?**** "[Cool]" Thereby alleviating the need to purchase another hardware?

Thanks everyone!
Edgardo

[ October 15, 2004, 01:35 AM: Message edited by: grinn253 ]
Post #: 1
RE: Okay Router Time! - 15.Oct.2004 4:44:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Edgardo,

Just remember that the ISA firewall is a firewall, not a router. While it will route all packets between directly connected networks, its not a gateway for communications for which it isn't the gateway. Hosts onthe same Network should NEVER loop back to other hosts on the same Network. That's where people get into trouble.

So, putting routers on networks that are within the same Network is definitely the way to go.

HTH,
Tom

(in reply to grinn253)
Post #: 2
RE: Okay Router Time! - 16.Oct.2004 1:00:00 AM   
grinn253

 

Posts: 76
Joined: 12.Jul.2004
From: Seattle
Status: offline
How does a SecureNAT client fit in this? For example, all the following networks are on the same segment.

1) 192.168.65.1.0 /24
2) 192.168.65.2.0 /24
3) 192.168.65.3.0 /24

Giving ISA 4 NICs, 1 to serve as gateway for each network & 1 for external. Is SecureNAT still an option here? [Confused] SecureNAT definition is a "client machine with ISA as gateway," correct?

ISA must perform some type of routing in this situation...

Can ISA 2004 on Server 2003 utilize RRAS to route internal traffic? If so, are clients SecureNAT clients?

goodbye,
Edgardo

[ October 16, 2004, 01:01 AM: Message edited by: grinn253 ]

(in reply to grinn253)
Post #: 3
RE: Okay Router Time! - 19.Oct.2004 12:08:00 AM   
grinn253

 

Posts: 76
Joined: 12.Jul.2004
From: Seattle
Status: offline
So is it possible for multiple SecureNAT client networks on the same segment? Example in the preceding post?

Thanks,
Edgardo

(in reply to grinn253)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Network Infrastructure >> Okay Router Time! Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts