• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Multi homed ISA Server

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> General >> Multi homed ISA Server Page: [1]
Login
Message << Older Topic   Newer Topic >>
Multi homed ISA Server - 4.Sep.2001 5:20:00 PM   
FrodeS

 

Posts: 2
Joined: 4.Sep.2001
From: Oslo, Norway
Status: offline
Hi,

I'm trying to find a solution for our internal lab, testing and training networks to get safe access to the Internet.

Our internal network consists of six (6) separate networks that's beeing used for the various tasks described above. I would like to use ISA server as a firewall for these networks, and to keep it all in one box.

The config will be like this:
NIC 1 - ISP Connection
NIC 2 - Lab network 1 (IP: 10.1.0.0)
NIC 3 - Training network 1 (IP: 10.2.0.0)
NIC 4 - Training network 2 (IP: 10.3.0.0)
NIC 5 - Test network 1 (IP: 10.4.0.0)
NIC 6 - Test network 2 (IP: 10.5.0.0)
NIC 7 - Lab network 2 (IP: 10.6.0.0)

Subnetmask for all networks: 255.255.0.0

None of these networks are intended as DMZ networks, but there will be services in some of these networks that need to be published on the outside.

I've set this up on a server with dual 4-port ethernet cards to support all the connections. For the first two networks the server works fine as a router/firewall, letting PING and other ports through, but when I get to the forth network, I can't use the server as a router/firewall, PING and similar functions simply don't get through.

Has anyone out there seen this problem before? What could be the cause to my problem?

Or maybe ISA Server isn't capable of handling my situation?

Please give me inputs, I'd really hate to spend the extra bucks on buying another type of solution...

BTW: I've installed the server with both Firewall and Proxy funtionality. If I point to the server as a Proxy server for the machines in the forth network, it works like a charm.

Regards,
FrodeS.

Post #: 1
RE: Multi homed ISA Server - 5.Sep.2001 9:22:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Frode,

It *might* be that this configuration doesn't work, but I've not heard anybody mention a similar configuration and its certainly not been documented by MS.

Sounds like you really need a router on your internal network! While ISA server can perform from routing functions for you, you really don't want to make your firewall your LAN router, do you?

If you have the time, I'd appreciate it if you can do a test for me. Use the same configuration on a Win2k computer without the ISA Server installed. Then use the Routing and Remote Access Server to make the machine a LAN router and see if that works. Then we can get a better idea of this is an ISA Server issue or a Win2k issue.

Thanks!

Tom

------------------
http://www.isaserver.org/shinder/



Get It Here!


(in reply to FrodeS)
Post #: 2
RE: Multi homed ISA Server - 5.Sep.2001 9:39:00 AM   
FrodeS

 

Posts: 2
Joined: 4.Sep.2001
From: Oslo, Norway
Status: offline
Hi Tom,

These networks are not interconnected today, nor are they intended to be.

The whole point of setting up the ISA Server was to share one single connection to the internet, instead of the situation we've got today, where each and every network is connected via it's own 2 Mb connection to various ISP's.

As I pointed out in my previous post, it works like a proxy on all the different networks, but it's not able to route for other networks than the first two (maybe three, but I haven't been able to get to the third network yet.)

Currently, I haven't got time to try to setup a RRAS solution, and a solution based on RRAS will be to heavy to manage for my colleagues when I'm not here. I know that this setup works with other firewall vendors, and if MS aims to compete with the likes of FireWall1 and others, they should be able to do this... The reason why I know this is that I'm changig from my very old version of Raptor Firewall with ISA...

Any idea where I could turn to find out if this is a supported solution?


Regards,
Frode.


(in reply to FrodeS)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> General >> Multi homed ISA Server Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts