RE: B2B DMZ Redundant internal ISA server

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 24 Jun 2003 13:58:39 -0500

Hi Gillian,

The account is configured on the upstream and the downstream send
credentials to the upstream. I don't see how creating different accounts
would be more secure, but you could create two accounts such as ISA1 and
ISA2 and that might make reporting and troubleshooting a little easier.

HTH,
Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 


-----Original Message-----
From: Gillian Cook [mailto:gcook@xxxxxxx] 
Sent: Tuesday, June 24, 2003 1:39 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] B2B DMZ Redundant internal ISA server


http://www.ISAserver.org


Question,

What is the recommended setup in a redundant internal ISA server in a
B2B DMZ configuration.

      EXT ISA
                        DMZ

INT ISA1      INT ISA2



My main question is this:

Should I use the same account for the upstream firewall and web routing
rule on both of the internal ISA servers to connect to the upstream
(external) isa server?  Or use a separate, different account.

Are there pro's and con's in each config?

We would use round robin DNS for accessing the internal clients to the
internal ISA servers (config in IE and in Firewall Client).  Therefore,
if one ISA server went down, internal users would still be able to
connect to the other internal ISA and get outbound to Internet.

TIA,

Gillian

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 06-2003