Has anyone ever used ISA Server to route between VLANs? If you have done this, how exactly did you go about setting it up? I'm wanting to set this up with a Dell 3324 switch. I'm using some older 3Com NICs; do you guys think that will be a problem? They are the 3c905 NICs.
Yes, I am speaking of that. What Intel cards do you suggest? I've heard that I could do VLAN routing without the tags; basically I would have to set the ports to untagged. If I did it untagged, would there be a downside to that? Basically I'm trying to figure out what the best way would be to implement this.
Tom, do you have any article on how to set this up? I did not see much in the new book on a setup such as this. Basically I plan on keeping the WAN on a 3Com 10/100 and all of my other segments will have the Intel NICs. I love 3Com but it seems that their NICs don't do much in the area of VLANs, but Intel incorporates the feature in with every business-class NIC.
There's not much to it. Install the NICs, install the drivers according to the Intel Help, and then they'll appear as NICs in the Network Connections window. Configure the IP addresses for the NICs and the VLAN ID stuff.
However, I avoid VLANs for security reasons, as they're designed as a network management solution, not a security solution. It breaks the physical security model that is the core of firewall-based access control. You'll be able to pretty easily subvert the ISA firewall's access control by exploiting the weaknesses in VLAN tech.
I understand your point: VLANs are for network management and not security. The ISA 2004 firewall will be in a front-end/back-end config, so all public servers will be plugged into a DMZ switch that's separate from the layer 2 switch. Basically this is for a small setup of about 300 workstations. I did not want to have to buy a layer 3 switch or a Cisco router to route between the VLANs; also, I did not want to buy an extra server to set up Windows 2000 or Windows 2003 as a router either. The most the ISA firewall would do as far as security is segment a test VLAN completely from the production VLANs; for example, we might throw in a test domain controller.