Re: Can use both Leasedline and ADSL with ISA 2004

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Sorry, I am not clear what you mean. As your intruction, I configure Ext NIC
default gateway have metric=10 and ADSL NIC have metric=1. That's all. My
target is all outbound traffic will go thru ADSL NIC.


"ZVR" <nospamever@xxxxxx> wrote in message
news:HfidnSM9Hsj9pO_enZ2dnUVZ_sCdnZ2d@xxxxxxxxxxxxx
> You also need to set the same metrics for the default gateways on those
> two interfaces. Do you have that?
>
> Also in your configuration all outbound traffic will go through the ADSL
> NIC, this is what you wanted? (lower metric=higher priority).
>
> Virgil
>
>
> "Newbievn" <khoa.le@xxxxxxxxxxxxxxxx> wrote in message
> news:O6JAhPP5FHA.2396@xxxxxxxxxxxxxxxxxxxxxxx
>> Yes, I did set ADSL NIC have metric 1 and Ext NIC have metric 10 as your
>> suggest. Sorry for bringing th bother to you.
>>
>> Thanks.
>>
>> "ZVR" <nospamever@xxxxxx> wrote in message
>> news:LdedndL3r_d34ezeRVn-gQ@xxxxxxxxxxxxx
>>> No you do not add that subnet to the LAT. For all intents and purposes
>>> that is a subnet "external" to ISA so you leave it like that. Did you
>>> configure the ADSL NIC gateway with a higher metric/gateway like I
>>> showed you in my first response? If you don't do that then having
>>> multiple gateways with the same metric will throw your ISA off the loop.
>>>
>>> Virgil
>>>
>>>
>>> "Newbievn" <khoa.le@xxxxxxxxxxxxxxxx> wrote in message
>>> news:OKXHXNN5FHA.3292@xxxxxxxxxxxxxxxxxxxxxxx
>>>> Dear Virgil,
>>>> I would like to show you our network diagram for your Ref.
>>>>
>>>> Internet
>>>> |
>>>> |
>>>> Ext NIC (leased line)
>>>> |
>>>> ISA 2K4 ---Adsl NIC ----192.168.1.1(GW:
>>>> 192.168.1.2)-------------192.168.1.2[Modem ADSL] --------- Internet
>>>> |
>>>> Int NIC
>>>> |
>>>> |
>>>> LAN
>>>>
>>>> Before I plug in ADSL NIC, ISA work fine.
>>>> I think I should add 192.168.1.0 subnet into LAT because I seen in
>>>> logfile have Connection Denies. but if I do that, ISA wont filter,
>>>> cache trafic anymore, that's right ?
>>>>
>>>> Thanks
>>>> Newbievn
>>>>
>>>>
>>>> "ZVR" <nospamever@xxxxxx> wrote in message
>>>> news:r-CdncA05LEh4vLenZ2dnUVZ_tKdnZ2d@xxxxxxxxxxxxx
>>>>> That might be a totally different issue. Just check the newsgroup for
>>>>> the number of people with similar issues (slow browsing, ISA stops
>>>>> working at times etc), and they don't have multiple NIC's like you do.
>>>>> I always thought that this type of problems must be related to the
>>>>> underlying hardware, drivers being used etc. I personally never had a
>>>>> problem like that and I'm over several dozens of ISA installs so far.
>>>>>
>>>>> What hardware is your ISA running on? Also, was everything running
>>>>> fine before you configured the multiple NIC's ?
>>>>>
>>>>> Virgil
>>>>>
>>>>>
>>>>>
>>>>> "Newbievn" <khoa.le@xxxxxxxxxxxxxxxx> wrote in message
>>>>> news:%23DyrBf44FHA.476@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>> Dear Virgil,
>>>>>> Sorry for reply late. I have configured our system as your
>>>>>> instruction but I feel it is not running smoothly. Sometimes we
>>>>>> cannot surfing Internet and sometimes we can.
>>>>>>
>>>>>> Regards,
>>>>>> Newbienv
>>>>>>
>>>>>> "ZVR" <nospamever@xxxxxx> wrote in message
>>>>>> news:U7idnRbZZZbV5fTenZ2dnUVZ_t6dnZ2d@xxxxxxxxxxxxx
>>>>>>> No problem, after you're done please post the results here, I'm sure
>>>>>>> this kind of setup would be interesting for many people.
>>>>>>>
>>>>>>> Virgil
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> "Newbievn" <khoa.le@xxxxxxxxxxxxxxxx> wrote in message
>>>>>>> news:eTmyzxB4FHA.696@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>>>> Thanks Virgin, I absolutely clear this. Again, thank you very much.
>>>>>>>>
>>>>>>>>
>>>>>>>> "ZVR" <nospamever@xxxxxx> wrote in message
>>>>>>>> news:NaOdnWTqTtpJXvXeRVn-vw@xxxxxxxxxxxxx
>>>>>>>>> Well, mail destined to your domain (for example
>>>>>>>>> admin@xxxxxxxxxxxxxx) arrives from the Internet to your own email
>>>>>>>>> server and not to somebody else's by means of an MX record in the
>>>>>>>>> yourdomain.com zone that points to your server. So you probably
>>>>>>>>> have a DNS record already - say, mail.yourdomain.com.
>>>>>>>>>
>>>>>>>>> Also I imagine that after you install the second line you will
>>>>>>>>> want your VPN clients from outside to connect to your VPN server
>>>>>>>>> by hostname not by IP - for example they enter vpn.yourdomain.com
>>>>>>>>> in the wizard when configuring VPN on their desktops.
>>>>>>>>>
>>>>>>>>> Obviously since VPN and mail services will reside on different
>>>>>>>>> IP's vpn.yourdomain.com and mail.yourdomain.com will have to be
>>>>>>>>> different entries in your DNS zone.
>>>>>>>>>
>>>>>>>>> If this still doesn't make too much sense to you, you might want
>>>>>>>>> to check with a DNS guy to explain it to you. That's the best I
>>>>>>>>> can come up with here...
>>>>>>>>>
>>>>>>>>> Virgil
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> "Newbievn" <khoa.le@xxxxxxxxxxxxxxxx> wrote in message
>>>>>>>>> news:eSoSWU33FHA.1184@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>>>>>> Hi Virgil,
>>>>>>>>>>
>>>>>>>>>> Thanks a lot for your prompt reply. But I still confuse about
>>>>>>>>>> item No.4. We use internal DNS for internal naming resolution. I
>>>>>>>>>> configed Exchange forward to external dns.Please explain more.
>>>>>>>>>> Again, Thanks you very much.
>>>>>>>>>>
>>>>>>>>>> Khoa
>>>>>>>>>>
>>>>>>>>>> "ZVR" <nospamever@xxxxxx> wrote in message
>>>>>>>>>> news:M5WdnQcg1vtt3fXenZ2dnUVZ_s6dnZ2d@xxxxxxxxxxxxx
>>>>>>>>>>> 1. In the properties of your external NIC (existing), change the
>>>>>>>>>>> interface metric and the default gateway metric to a high(er)
>>>>>>>>>>> value, for example 10
>>>>>>>>>>> 2. Install another NIC in your ISA machine and connect the
>>>>>>>>>>> second DSL line to it
>>>>>>>>>>> 3. Configure the new NIC with the proper IP parameters including
>>>>>>>>>>> the default gateway, but with interface metric and default
>>>>>>>>>>> gateway metric values lower than those for the first external
>>>>>>>>>>> interface - for example 1
>>>>>>>>>>> 4. (Optional depending on your config) Create separate DNS
>>>>>>>>>>> entries in your external zone for the two external IP's, and
>>>>>>>>>>> bind the MX record in DNS to the entry for the first interface
>>>>>>>>>>> 5. Reboot your ISA server and you should be in business.
>>>>>>>>>>> Outbound traffic will go through the interface/gateway with the
>>>>>>>>>>> lowest metric (the newly installed NIC), while mail and VPN
>>>>>>>>>>> connections will continue to arrive at the original external IP.
>>>>>>>>>>>
>>>>>>>>>>> Virgil
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> "Newbievn" <khoa.le@xxxxxxxxxxxxxxxx> wrote in message
>>>>>>>>>>> news:%2300PE$13FHA.3292@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>>>>>>>> Hi all,
>>>>>>>>>>>>
>>>>>>>>>>>> Currently, I have ISA 2k4 box with leasedline 192Kbs. Exchange
>>>>>>>>>>>> server published through this line. I would like adding ADSL
>>>>>>>>>>>> line which users will use this line for surfing Internet and
>>>>>>>>>>>> Leasedline only reserve for vpn client and Mail server. How can
>>>>>>>>>>>> I do that ?
>>>>>>>>>>>>
>>>>>>>>>>>> Thank you very much.
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>


.

Relevant Pages

  • Re: Can use both Leasedline and ADSL with ISA 2004
    ... You also need to set the same metrics for the default gateways on those two ... Virgil ... >> gateways with the same metric will throw your ISA off the loop. ...
    (microsoft.public.isa)
  • Re: Local access only, no internet?
    ... Fairly simple -- This indicates that Vista's TCP stack is able to handle ... running with two gateways on two different networks, ... They're called interface and gateway metrics. ... The answer is no, the stack isn't that stupid, and it can use gateway ...
    (microsoft.public.windows.vista.networking_sharing)
  • RE: What do you use for security metrics
    ... What do you use for security metrics ... I would consider the cipher strength of the gateways and the ... Technical metrics should always override the business metrics. ...
    (Security-Basics)