Re: ISA Help Needed
From: Adam Selene (as_at_freeluna.org)
Date: 10/11/04
- Next message: Justin Crosby [MSFT]: "RE: Additional File Server?"
- Previous message: Chris: "Re: Anyone tri-homed SBS2003?"
- In reply to: Les Connor: "Re: ISA Help Needed"
- Next in thread: Les Connor: "Re: ISA Help Needed"
- Reply: Les Connor: "Re: ISA Help Needed"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 11 Oct 2004 13:18:04 -0500
On Mon, 11 Oct 2004 01:47:35 -0500, "Les Connor"
<les.connor@DEL.cfive.ca> wrote:
>Hi Adam,
>
>You've got a gateway router/switch with some ports, which gives your
>workstations internet access now. If you have no more ports on the router
>for the sbs, plug another hub/switch into the router to give you some more
>ports. Connect the external nic of the SBS to this hub/switch, so it's got
>internet connectivity same as the other boxes.
>
>You also need another switch for the lan, as you're getting around to
>migrating the workstations to the SBS. Connect the SBS internal nic to this
>switch.
>
>For example:
>
>Router lan IP 192.168.1.1
>PTP clients and SBS External nic 192.168.1.x
>Make the SBS external nic static ip.
>Now everyone has an internet connection.
>
>SBS internal nic: 192.168.16.2 (default)
>
>Set up your SBS (the Todo list), add users, computers etc.
>
>As you migrate workstations into the SBS domain, move them to the switch
>connected to the SBS internal nic. They'll get their network settings from
>the SBS DHCP, and you can run connectcomputer wizard, install the SBS apps
>(including ISA firewall client), etc.
>
>So you can have some workstations on the 192.168.1.x network, and some on
>the SBS internal network, and they all get internet connectivity.
>
>When you get visitors who want internet access, connect them to the gateway
>router so they're outside of your lan network. You might consider installing
>a wireless access point on that network, if your router doesn't have that
>capability already.
>
>But in all honesty, it's really no problem putting all the workstations on
>the domain right away, especially when you've only got 5. You'd have total
>connectivity in less time than you've already spent thinking about this ;-).
>If you just followed the ToDo list, that grease you refer to would be
>applied.

Hi Les,

Thanks for your reply. I agree that the ToDo list adequately covers
most problems for new networks.

I don't recall saying I had only 5 workstations. In fact, I have over
16 plus 3 static IP network printers, one with a networked scanner
application that has to be migrated. One of the workstations is
operating in the role of file-server (W2K Pro) and has the scanner
application resident on it. Perhaps what fooled you was that I didn't
show the details of the production network -- how the router is
feeding three (3) 16-port 10/100 switches to support the users on
several floors, etc.

What I had hoped to do was to get SBS working with ISA so that it
could replace the Router in the production network, then begin
accepting client workstations into its domain as various detailed
migration issues were resolved. I never wanted to do anything to the
production network until I had the pilot network functioning
acceptably. That includes modifying a router to suit the pilot
network.

I don't want to use the default LAN network (192.168.16.0) because the
production has several devices with static IPs on (192.168.1.0) and
because to do so would entail modifying ALL existing workstations plus
the Static Devices (Printers) to the new network (192.168.16.0). I
just didn't want to be making such changes to the production network.
Perhaps I'll have to re-think this.

My experience screams out that one doesn't trust someone else to take
one's router, customize it to his own likes and dislikes, and still
use it in the application for which it was originally manually
customized. Maybe it will, but I'm not willing to gamble the
production network that it's so. Perhaps what I should do is go buy a
2nd router to sacrifice to SBS. :) But my goal was to be able to put
SBS up without a router, relying on ISA to be my firewall. (I know
that a Linksys router isn't a proper firewall even though it has NAT,
port filtering and DMZ capabilities.)

My REAL problem right now would appear to be ME.

As it stands right now, while non-domain clients can browse the
internet through SBS cum-ISA, SBS can't itself go get Windows Updates.
And I've no idea whether POP3 mail will be able to work through it.
(I'm no longer taking anything for granted.)

I'm finding no useful information to allow me to configure ISA so that
I can put SBS into production. Marina and Susan have helped a lot but
I'm not there yet. I've never seen ISA before and I naively assumed
that the CEICW Wizard would handle ISA configuration for me so that I
could run in the same mode as with the native SBS firewall. I had
hoped to be able to defer detailed tweaking of ISA until after the
migration was completed. That expectation was unfounded.

I think the best move I can make is to re-install WITHOUT ISA and
simply write it off as a horrible experience. Otherwise, the server
-- behind a PnP router -- will probably be "safe" (whatever that is.)
I blew an entire weekend trying to make a go of it but I can't afford
any more time; neither can my client.

That'll free me up to concentrate on migration issues, re-training
users who've no experience with domain-based operations, or
Outlook2003 with Exchange, etc.

This production network has all the warts and blemishes one would
expect to see of a peer-to-peer network that traces its origins back
to 1993. The best thing I can say about it is that there are NO
mapped drives in the network. That's probably the only reason it's
been able to grow to its present size without crashing.

Anyway, looks like I've got work to do. Again. It's wearying.

Thanks again.

-- ASelene