Re: Upgrading the Hard Way
- From: GarthK <garthk@xxxxxxxxxxxxx>
- Date: Thu, 30 Mar 2006 09:00:04 -0600
An excellent idea! In fact, I have several public IP addresses and an
old ISA server that is turned off that I can do this with. This way, the
users won't notice a difference.
Thanx much!
Garth
ZVR wrote:
No problem....
Another suggestion I can make is to perform a "parallel" migration... if you
have a second external IP address that you can use. You would basically
deploy your second server, assign the second public IP to the "external"
interface and assign one LAN IP to the "internal" NIC, then configure ISA
2004 on it. You end up with a parallel installation of ISA 2004 while you
don't yet decomission the old ISA 2000. Your network will basically have two
different exit/entry points through the two firewalls; you can take
advantage of this by slowly migrating everything towards the second server -
first the server/web publishing rules, then the clients and eventually the
VPN config. You can do this in a controlled manner, by testing each rule as
you build the new firewall config. When you're sure everything works as
expected and all clients, servers etc will have been migrated to the 2nd
firewall, you simply pull the plug on the ISA2000 machine.
Virgil
- References:
- Upgrading the Hard Way
- From: Garth Keesler
- Re: Upgrading the Hard Way
- From: ZVR
- Re: Upgrading the Hard Way
- From: Garth Keesler
- Re: Upgrading the Hard Way
- From: ZVR
- Upgrading the Hard Way
- Prev by Date: Network Schema
- Next by Date: Re: Certificates/SSL Connections From Behind ISA
- Previous by thread: Re: Upgrading the Hard Way
- Next by thread: Re: Upgrading the Hard Way
- Index(es):
Relevant Pages
|
