Re: Adding to a NIC to the ISA causes traffic to fail
From: Saira (Saira_at_[nospam)
Date: 10/27/04
- In reply to: Phillip Windell: "Re: Adding to a NIC to the ISA causes traffic to fail"
Date: Wed, 27 Oct 2004 18:47:01 +0100
Philip
Thanks for your reasoning.
I agree with you from a theoretical standpoint, especially with 1 and 3. At
the moment I am running this in a test lab and I wish to have the ability to
monitor the packets flowing between the different subnets; if the traffic
never goes through the ISA server (just the router) I would not be able to
do this. Obviously this functionality comes at a price.
On the problem I had, I've figured out what was going on and everything is
back up and running. I'm now adding more bells and whistles.
Thanks
Sara
"Phillip Windell" <@.> wrote in message
news:OAlpVr3uEHA.1404@TK2MSFTNGP11.phx.gbl...
> "Sarah" <Saira.Shamim@[nospam]BayonetVenture.com> wrote in message
> news:%23dHtxvzuEHA.1524@TK2MSFTNGP09.phx.gbl...
>> Philip
>> Thanks for your response. However are you not canning some of ISA 2004's
>> functionality? I would like to use the ability to directly attach
>> multiple networks to the server and then control the traffic between the
>> networks. Perhaps you could expand on why you feel so strongly that this
>> is a terrible thing to do.
>
> You can still do it if you want to, but I have no articles, links, or
> other information to perform that. ISA's ability to "control" the networks
> is still the same without running every subnet directly into the ISA box.
> Here's why I don't think it should be done...
>
> 1. ISA is a proxy, not a "router". Activating "routing" on a proxy is
> contrary to the role of a proxy and if not handled properly can allow
> packets to be routed "underneath" the proxying services provided by the
> proxy (Web Proxy, Firewall Service, etc.).
>
> 2. Proxies by definition are an "edge" device (whether DMZ edge or Internet
> edge). A LAN Router by definition is a "center" device that sits in the
> logical "center" of a LAN and routes (normal Layer3 routing) between
> segments of the LAN itself. The "center" device should have no concept of
> the Internet and not be involved in the use of the Internet.
>
> 2A. All Clients and Servers use the LAN Router as their Default Gateway.
> The LAN router would not need a Default Gateway if it is the only router
> and all Clients using the Internet operate as Web Proxy Clients or as
> Firewall Clients.
>
> 2B. If any of the Clients will be operating as SecureNAT Clients then the
> LAN Router would use the ISA as the Default Gateway. If you have multiple
> LAN routers, then the Default Gateway of the LAN Router may point to one
> of the other routers in some cases, which, in turn, eventually point to
> the ISA.
>
> 3. If the edge device such as ISA is used as the LAN's router then the
> function of the LAN itself becomes dependent on whether or not the edge
> device is functioning properly. This should not be allowed; the LAN
> should function independently on its own regardless of whether the "edge"
> device happens to go "belly-up" one morning.
>
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>
>