IP address on ISA
From: Tony Su (anonymous_at_discussions.microsoft.com)
Date: 04/01/04
- Next message: Tony Su: "Re: ISA Server pure SMTP gateway"
- Previous message: nathan: "creating a static route"
- In reply to: T: "IP address on ISA"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 31 Mar 2004 16:24:10 -0800
Haven't we all gone through what you describe at some tiem
or another.
Instead of migrating slowly, I recomend instead that you
configure a test environment and get everything working on
one IP address. When you're satisfied with stability,
then "flip the switch" and either apply the settings to
the existing setup (easy to do, see various tools like
import_export.zip at Jim Harrison's isatools.org site) or
swap boxes.
Tony Su
>-----Original Message-----
>The reason it has to be on seperate IP address was due to
>the fact the VPN element got taken off an old firewall
>and moved over to work through a new ISA it got done
>seperately so it could be tested etc. This obviously had
>to be setup with a different IP address and all the
>clients setup to use that IP address to connect.
>
>Since then the remaining things coming through the old
>firewall has been directed through the new ISA. The SSH
>uses a different IP address so therefore I have had to
>add the IP address as a second address. All the other
>things are still being tested so we know they work ok
>through the new ISA if they do not then they have to be
>changed back to go through the old firewall.
>
>I understand that I can use the same IP address for both
>but to change the VPN would mean changing the clients to
>point to the new IP address to connect, therefore if
>items are not working through the new firewall and it has
>to be changed back therefore I will have to go round and
>change the clients back, this could get very annoying
>for the clients to keep changing their settings and some
>of them work from home so it is not that easy to change
>them.
>
>Hence (after all that!) is why (if I can) I need to use
>both IP addresses for now but like I said it does not
>seem to like the second address.
>
>
>>-----Original Message-----
>>My understanding is that you have no control over the IP
>>addresses used for VPN clients (and many other services).
>>
>>I guess my real question would be why you split services
>>to the two addresses, if there is a reason why you
>>wouldn't want to support both SSH and VPN on the same IP
>>address. There doesn't appear to be any port/service
>>conflict based on what you described. And, there is no
>>performance gain by using multiple IP addresses on the
>>same interface.
>>
>>Tony Su
>>
>>
>>>-----Original Message-----
>>>I have an ISA server on its external card pointing out
>to
>>the internet it
>>>has 2 IP addresses associated with it.
>>>
>>>One IP address is used for a SSH server which we
>connect
>>to and the other is
>>>used for VPN clients to connect in through.
>>>The SSH server IP is configured as the main address in
>>the property pages of
>>>the connection and then under advanced I have added the
>>second IP address as
>>>another IP address.
>>>
>>>The problem I have now is the SSH can connect through
>ok
>>but the VPN users
>>>cannot connect through on their IP address configured
>in
>>there VPN dial up,
>>>if I change the IP address they need to connect to for
>>their first dial up
>>>(or tunnel) to the same IP address as the SSH server
>>uses then its fine.
>>>
>>>It must be because the IP address used for the VPN
>users
>>was put in as (what
>>>it sees) as a secondary IP address and is only using
>the
>>IP address set in
>>>its main IP/subnet mask/default Gateway/DNS property
>page.
>>>
>>>My question is how do I have it so it sees both IP
>>address on the card as
>>>main addresses? I thought just adding the second IP
>>address would be fine
>>>as in the VPN dialup it states which IP address to use!
>>>
>>>
>>>
>>>.
>>>
>>.
>>
>.
>
- Next message: Tony Su: "Re: ISA Server pure SMTP gateway"
- Previous message: nathan: "creating a static route"
- In reply to: T: "IP address on ISA"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
