If this is the case I would manually set the ttl on my external record sets very low so in the event your connection drops, DHCP assigns your ip to someone else the organizations recover is a quick one. Hopefully only a couple hours. However mail resolved off the root to the old ip address will bounce til it times out. In otherwords fix the root resolutions as quick as possible.

I would also figure out what the lease time of IP address assignment is so I could figure the duration I could expect to keep my ip addresses in the event the internet connection is lost.

In short, make life simple get a static IP.

John

I have two goals in mind, first a reliable Firewall, which I think will be difficult without a static IP address, and then enabling VPN, which again would require a static IP address.

The other part of my question was whether it mattered or not whether the xDSL connection came through the NIC or USB port. I suspect if it comes through the USB port, that ISA would treat it similar to a Dial on Demand configuration, thus it could handle a dynamic address. Do you know if this is true?

Yes, I do foresee publishing a exchange server from behind the firewall someday.

Rob
rdrj@mindspring.com

quote:

---

Originally posted by jmunyan:
Sure, it is just a question of how well it works and what you are trying to do with it. I would think if you are not publishing resources things are completely cool. If you are intending to publish resources and you know belying them is DHCP assigned addresses the real question becomes one addressing your organizations assessment of value for system reliability. Clearly if a company can't spend for a connection with a static IP they shouldn't be surprised if their connection for email is down for a couple days at a clip.

If this is the case I would manually set the ttl on my external record sets very low so in the event your connection drops, DHCP assigns your ip to someone else the organizations recover is a quick one. Hopefully only a couple hours. However mail resolved off the root to the old ip address will bounce til it times out. In otherwords fix the root resolutions as quick as possible.

I would also figure out what the lease time of IP address assignment is so I could figure the duration I could expect to keep my ip addresses in the event the internet connection is lost.

In short, make life simple get a static IP.

John

---

[This message has been edited by RobJohn (edited 13 March 2001).]

However, the problem is how to apply the rule set. When you publish the exchange 2k box in the future you will create a rule to allow 25 on external ip xxx.xxx.xxx.xx1. If your ip assignment changes the filter will no longer work. This is the larger problem for the firewall.

For VPN how will users find it? One day it could be on one ip while on another day it is in another place. DNS won't help here if it is pointing to an eronious ip address.

John

You've validated my fears. Static IP is what I need or it's a no-go. I'll have to twist some arms at the xDSL providers end.

Thanks again, Rob