Re: MSSQL Server Gateway
- From: Dan <Dan@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 24 Oct 2006 03:55:01 -0700
Phillip,
The topology is as simple as mentioned in my previous post.
Two routed internal private class B networks separated by a firewall.
No extranet/Internet involved.
All I want to know is if ISA Server supports the desired
gateway/concentrator functionality for lowering administrative complexity on
the firewall. (Optionally, user authentication without installing
additional software on the client).
I personally don't think it's possible to do this with ISA and/or Proxy
Server, but I was told otherwise and am just trying to figure out if I'm wrong
without installing the ISA Server in a lab.
Sorry if I express myself a bit unclearly; it's sometimes hard to do so in a
foreign language :-(.
Thanks for your help anyway :-)
Dan
"Phillip Windell" wrote:
"Dan" <Dan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1FBE0723-5F59-4F6E-9743-1598BE238D1D@xxxxxxxxxxxxxxxx
Example:
- Client in private LAN wants data from SQL Server DB in secure private
LAN
- Concentrator/Gateway checks if user may access requested DB Server
(optional)
- Concentrator/Gateway passes data request (through firewall) to DB Server
- DB Server sends data to concentrator/gateway
- Concentrator/gateway passes data to client.
Ok, this part may help but I'm still a little fuzzy on it. I still don't
know the Topology. Without that I am shooting blind.
But here is what I interpret from this.
There are three segments:
1. Regular LAN Segment (internal LAN, contains the "User")
2. "Secure" LAN Segment (also internal LAN, contains the "SQL Server")
3. Internet (external)
If there is already a LAN Router between #1 and #2 then that is where this
is done by using ACLs on the LAN Router. You can't make ISA have any "say"
in what happens there.
If this is hypothetical and doesn't actually exist yet, then the ISA can sit
between all three segments with 3 NICs (in place of the LAN Router). The
Secure LAN Segment will cause there to be a "new" Network Object for it
created in ISA of the type "internal" and will have a "routing relationship"
to the other LAN Segment but have a "nat relationship" to the Internet
Segment. Then access between each segment will be controlled by using
Access Rules on the ISA.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
The views expressed are my own (as annoying as they are), and not those of
my employer or anyone else associated with me.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
-----------------------------------------------------