Re: Need HELP !! ISA + 3 Network Segments
- From: "H22H" <H22H@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 11 Jan 2006 12:34:02 -0800
Thanks ...
one more thing just to be sure :
The binding order : 1. LAN NIC 2. WAN NIC
Web Server LAN NIC :
--------------------------
IP : from the IP range of the local network
Gateway : nothing
DNS : Active Directory DNS ( The same as the Local Network DNS )
Web Server WAN NIC :
--------------------------
IP : ISP Public IP ( Server IP )
Gateway : ISP Gateway
DNS : ISP DNS
Are these settings right ??
Thanks
"Phillip Windell" wrote:
> "H22H" <H22H@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:3658CB80-1B3B-468D-97CA-D47BD731C1DD@xxxxxxxxxxxxxxxx
> > As a solution I was thinking to add extra NIC to the Web Server with an IP
> > from the Local Network range and connect it to the Local Network .. and
> > create a special zone for the web site in the local DNS to point to the Web
> > Server's Private IP so they will be able to connect and access the Web Site
> > locally .
>
> Yes that is correct.
>
> > BUT , I found one problem , I can't set two Gateways on one computer !!
>
> That is correct.
>
> > if I remove the gateway from the internal NIC in the Web Server it will not
> > be able to respond to the internal requests !!
>
> You don't need the second Default Gateway. Yes it will respond to requests
> from the LAN side,...but it will only respond to the same subnet that the
> "LAN Nic" is on. Other subnets beyond that one on the LAN will require
> Static Routes entered into the OS's Routing Table that point to the LAN
> Router that leads to the other internal subnets.
>
> You will also want the LAN nic to be first in the binding order,....and you
> want *only* the LAN's AD/DNS set for the machine's DNS (not the ISP's DNS).
> Having WINS is a good idea too. None of this means it has to be a Domain
> member,...it does not have to be a Domain member. The machine will still
> use the Internet Nic for the Internet communication because that is the one
> with the Default Gateway, but everything else will look toward the LAN
> (which is how it should be). We have a couple machines in our LAN in the
> same situation, except that I did make them Domain members for management
> purposes.
>
> The machine will *not* route between the two Nics unless you go out of your
> way to install and configure RRAS on the box to operate as a LAN Router.
> Just don't install RRAS on it to begin with and you won't have to worry
> about it.
>
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/ISA2004_AccessRules.html
>
> Microsoft Internet Security & Acceleration Server: Guidance
> http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
> http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
>
> Deployment Guidelines for ISA Server 2004 Enterprise Edition
> http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
> -----------------------------------------------------
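
Added example, not part of the original thread or either poster's own code: a Python check of the dual-homed layout described in the reply above (a single default gateway on the Internet-facing NIC, LAN NIC first in the binding order, internal DNS only, static routes for the other internal subnets). All addresses, the `LAN_ROUTER` value and the `audit` helper are constructed assumptions; `route -p add` is the standard Windows command for a persistent static route.

```python
import ipaddress

# Constructed sample values (not from the thread): RFC 1918 / RFC 5737 addresses.
NICS = [
    {"name": "LAN", "ip": "192.168.1.20/24", "gateway": None,
     "dns": ["192.168.1.10"]},
    {"name": "WAN", "ip": "203.0.113.20/28", "gateway": "203.0.113.17",
     "dns": ["198.51.100.53"]},  # ISP DNS on the WAN NIC, as proposed in the question
]
BINDING_ORDER = ["LAN", "WAN"]
INTERNAL_SUBNETS = ["192.168.1.0/24", "192.168.2.0/24", "10.10.0.0/16"]
INTERNAL_DNS = {"192.168.1.10"}   # assumed AD/DNS server
LAN_ROUTER = "192.168.1.1"        # hypothetical router toward the other internal subnets


def audit(nics, binding_order, internal_subnets, internal_dns, lan_router):
    """Return (findings, route_commands) for a dual-homed host."""
    findings, routes = [], []
    lan = next(n for n in nics if n["name"] == "LAN")
    lan_net = ipaddress.ip_interface(lan["ip"]).network

    gateways = [n["name"] for n in nics if n["gateway"]]
    if gateways != ["WAN"]:
        findings.append(f"default gateway must be on WAN only, found on: {gateways}")
    if binding_order[:1] != ["LAN"]:
        findings.append("LAN NIC should be first in the binding order")
    for n in nics:
        extra = [d for d in n["dns"] if d not in internal_dns]
        if extra:
            findings.append(f"{n['name']} NIC uses non-internal DNS: {extra}")
    if ipaddress.ip_address(lan_router) not in lan_net:
        findings.append("LAN router is not on the LAN NIC's subnet")

    # Every internal subnet other than the LAN NIC's own needs a persistent
    # static route via the LAN router; without one, replies to those subnets
    # follow the default route out of the WAN NIC.
    for s in internal_subnets:
        net = ipaddress.ip_network(s)
        if net != lan_net:
            routes.append(
                f"route -p add {net.network_address} mask {net.netmask} {lan_router}")
    return findings, routes


if __name__ == "__main__":
    found, cmds = audit(NICS, BINDING_ORDER, INTERNAL_SUBNETS, INTERNAL_DNS, LAN_ROUTER)
    for line in found + cmds:
        print(line)
```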