vlan routing isa server 2004 (Full Version)

All Forums >> [ISA Server 2004 Firewall] >> Network Infrastructure


watts3000 -> vlan routing isa server 2004 (18.Jul.2005 11:41:00 AM)

Has anyone ever used isa server to route between vlans? If you have done this how exactly did you go about setting it up. I'm wanting to set this up with a dell 3324 switch. I 'm using some older 3com nics do you guys think that will be a problem they are the 3c905 nics.

tshinder -> RE: vlan routing isa server 2004 (18.Jul.2005 10:31:00 PM)

Hi Watts,

Are you talking about 802.1q VLAN tagging? If so, yes. Make sure you're using the Intel cards.


watts3000 -> RE: vlan routing isa server 2004 (19.Jul.2005 2:46:00 PM)

Yes I am sppeaking of that what intel cards do you suggest? I've heard that I could do vlan routing without the tags basically I would have to set the ports to untagged. If I did it untagged would it be a down side to that basically I'm trying to figure out what the best way would be to implement this.

watts3000 -> RE: vlan routing isa server 2004 (20.Jul.2005 7:27:00 AM)

I have some intel pro 100 s nics that are able to read 802.1q tags.

tshinder -> RE: vlan routing isa server 2004 (20.Jul.2005 7:46:00 PM)

Hi Watts,

That'll work. The drivers will identify each VLAN as a virtual NIC, which the ISA firewall will recognize as a root of an ISA firewall Network.


watts3000 -> RE: vlan routing isa server 2004 (21.Jul.2005 7:31:00 AM)

Tom do you have any article on how to set this up? I did not see much in the new biik on a setup such as this. Basically I plan on keeping the wan on a 3com 10/100 and all of my other segments will have the intel nics. I love 3com but it seems that there nics don't do much in the area of vlans, but intel incorporates the feature in with every business class nic.

tshinder -> RE: vlan routing isa server 2004 (21.Jul.2005 7:49:00 AM)

Hi Watts,

There's not much to it. Install the NICs, install the drivers according to the Intel Help, and then they'll appear as NICs in the Network Connections window. Configure the IP addresses for the NICs and the vlan ID stuff.

However, I avoid VLANs for security reasons, as they're designed as a network management solution, not a security solution. It breaks the physical security model that is the core of firewall based access control. You'll be able to pretty easily subvert the ISA firewall's access control by exploiting the weaknesses in vlan tech.


watts3000 -> RE: vlan routing isa server 2004 (21.Jul.2005 11:17:00 AM)

I understand your point vlans are for network management and not security. The isa 2004 firewall will be in a frontend backend config so all public servers willbe plugged into a dmz switch thats separate from the layer 2 switch. Basically this is for a small setup of about 300 workstations I did not want to have to buy a layer 3 switch or a cisco router to route between the vlans also I did not want to buy an extra server to setup windows 2000 orwindows 2003 as a router either. The most the isa firewall would do as far as security is segement a test vlan completely from the production vlans for example we might though in a test domain contoller.

cytranic -> RE: vlan routing isa server 2004 (23.Jul.2005 2:03:00 PM)


[ July 23, 2005, 02:04 PM: Message edited by: cytranic ]

cranford -> RE: vlan routing isa server 2004 (6.Aug.2005 12:23:00 AM)

I had confirmation back from microsoft that it was not tested and is not supported although it does work ...until you maybe want to use NLB

Page: [1]