Re: ISA2004 - multiple external interfaces
- From: "Thomas W Shinder [MVP]" <tshinder@xxxxxxxxxxx>
- Date: Wed, 6 Apr 2005 22:24:56 -0500
Hi Trevor,
You can have as many external interfaces as you like, but only one interface
can have a default gateway.
HTH,
--
Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
FACT: Firewalls need at least two interfaces -- put a second NIC in that ISA
firewall!
"Trevor Miller" <tmiller@xxxxxxxxxxxxxxx> wrote in message
news:usBCH0TOFHA.604@xxxxxxxxxxxxxxxxxxxxxxx
: Nope, it does not (or I least I don't think so).
:
: ISA Internal is 10.2.0.0 / 255.255.240.0
: ISA External is X.X.X.X / 255.255.255.0 and Y.Y.Y.Y / 255.255.255.0
:
: Neither external is in the LAT and I've assigned gateways to each from
RRAS
: (Steelhead) with differnet metrics. Issue is only the route with lower
: metric ever works. If traffic comes in via X.X.X.X for a web site
published
: to X.X.X.X, it only works if X.X.X.X is the route with the lower metric
: (IE - the default gateway).
:
: Guess it simply comes down to these two IPs needing to be on the same
: physical interface not separate ones eh? Or I could simply ensure to only
: publish the address that is the default gateway. (the other works fine for
: outbound traffic).
:
: -trevor
:
:
: "A.Klimkin" <aklimkin at mail dot ru> wrote in message
: news:%23FUOzQpNFHA.3296@xxxxxxxxxxxxxxxxxxxxxxx
: > Yes, Phillip. I can remember that. The similar issues I already faced
with
: > ISA2004. It seems that ISA cannot properly handle the LDT/LAT lists - or
: > at least I don't understand how to properly configure this stuff ;-)
: > Anyway, I don't know if this issue does correlate somehow with Trevor's
: > problem.
: >
: > Regards,
: > Andrew
: >
: > "Phillip Windell" <@.> wrote in message
: > news:ObWx4kiNFHA.2580@xxxxxxxxxxxxxxxxxxxxxxx
: >> Say Andrew,
: >>
: >> Sorry to just jump in,...but do you remeber the issues we dealt with
: >> where
: >> ISA would get in the way of going to local site when the URL was just
the
: >> IP# but stayed out of the way just fine if a Netbios Name was used
: >> instead?
: >> It seemed to be getting "confused" by the Dots in the address and tried
: >> to
: >> resolve it as if it was an Internet address instead of just saying out
of
: >> the way.
: >>
: >> I think it was over a year ago we ran across that.
: >>
: >> --
: >>
: >> Phillip Windell [MCP, MVP, CCNA]
: >> www.wandtv.com
: >>
: >>
: >> "A.Klimkin" <aklimkin at mail dot ru> wrote in message
: >> news:u9xxZNbNFHA.3356@xxxxxxxxxxxxxxxxxxxxxxx
: >>> > ... When looking at the listener config it allows for configuration
: >>> > of
: >>> > multiple external IPs - does it indeed only allow 1?
: >>>
: >>> Yes, it allows to bind multiple IPs. But to the *single* interface.
You
: >>> cannot have more than one physical extrenal interface. Also, if you
bind
: >>> multiple IPs to the external interface, you have no control over what
: >>> particular IP address will be used as source address for outgoing
: >>> traffic.
: >>> This could lead you to the problems communicating to some hosts (e.g.
: >>> relays) that use quite bogus authentication scheme by source IP
address.
: >>>
: >>> Regards,
: >>> Andrew
: >>>
: >>>
: >>
: >>
: >
: >
:
:
.
- References:
- Re: ISA2004 - multiple external interfaces
- From: Trevor Miller
- Re: ISA2004 - multiple external interfaces
- From: A.Klimkin
- Re: ISA2004 - multiple external interfaces
- From: A.Klimkin
- Re: ISA2004 - multiple external interfaces
- From: Trevor Miller
- Re: ISA2004 - multiple external interfaces
- Prev by Date: Re: Activesync and OWA on ISA 2004
- Next by Date: Re: Log
- Previous by thread: Re: ISA2004 - multiple external interfaces
- Next by thread: Re: ISA2004 - multiple external interfaces
- Index(es):
Relevant Pages
|
