I have read up a bit about VLANs and had to learn that there is no such thing like a VLAN standard. Anyway, I will check what hardware they have. Then what's wrong about tagging? I understand that normaly the tags are removed by the switch when the frame leaves the port. > -----Original Message----- > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] > Sent: Thursday, June 12, 2003 3:00 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: ISA and VLAN (partly OT) > > > http://www.ISAserver.org > > > I love tagging! > The (as yet unanswered) question was whether or not the > switches could do the job. It wouldn't be the first time a > switch could create VLANs, but couldn't control inter-VLAN > routing except globally <grr>. > > > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver > http://isaserver.org/Jim_Harrison > http://isatools.org > > Read the help, books and articles! > ----- Original Message ----- > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Wednesday, June 11, 2003 17:25 > Subject: [isalist] Re: ISA and VLAN (partly OT) > > > http://www.ISAserver.org > > > Hi Jim, > > You don't like 802.1q tagging for firewalls? I suppose you > don't believe drawing a line in the sand will keep people > from crossing it ? :-) > > Thomas W Shinder > www.isaserver.org/shinder > ISA Server and Beyond: http://tinyurl.com/1jq1 > Configuring ISA Server: http://tinyurl.com/1llp > > > > -----Original Message----- > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] > Sent: Wednesday, June 11, 2003 5:35 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: ISA and VLAN (partly OT) > > > http://www.ISAserver.org > > > I thought we were talking about ISA Server vs. internal > infrastructure switches (HP, as IIRC), not back-end > firewalls..? Since ISA is Windows-based, not *nix-based, it > understands multiple routes in a single interface quite easily. > > I have to admin; the idea of "virtual NICs" raises my hackles > (not a pretty sight, lemmetellya!) a bit. > > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver > http://isaserver.org/Jim_Harrison > http://isatools.org > > Read the help, books and articles! > ----- Original Message ----- > From: "Mark Hippenstiel" <M.Hippenstiel@xxxxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Wednesday, June 11, 2003 15:30 > Subject: [isalist] Re: ISA and VLAN (partly OT) > > > http://www.ISAserver.org > > > I heard rumors from the guys regularly failing at setting up > the FW-1 properly that it is not possible to have a single > port assigned to all VLANs and inhibit routing between VLANs > at the same time. I'll check on this, but it seems logical to me. > > Someone mentioned having "multiple virtual NICs" on one > physical NIC would do the trick, but I'm not very confident > in his opinion. Ever heard of such a thing? > > > > -----Original Message----- > > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] > > Sent: Thursday, June 12, 2003 12:24 AM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] Re: ISA and VLAN (partly OT) > > > > > > http://www.ISAserver.org > > > > > > Actually, you'll find option 2 more functional. > > > > The multi-NIC problem is only good if (ISA PCI Slots / > > VLANS) > 1. Otherwise, you're screwed and only the > single-master VLAN > > option is usable. Generally speaking, if your switch can > create VLANs, > > then routing between them should be controllable as well. > > > > Jim Harrison > > MCP(NT4, W2K), A+, Network+, PCG > http://www.microsoft.com/isaserver > > http://isaserver.org/Jim_Harrison > > http://isatools.org > > > > Read the help, books and articles! > > ----- Original Message ----- > > From: "Mark Hippenstiel" <M.Hippenstiel@xxxxxxxxxxxx> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > > Sent: Wednesday, June 11, 2003 14:47 > > Subject: [isalist] ISA and VLAN (partly OT) > > > > > > http://www.ISAserver.org > > > > > > Hey guys, > > > > I'd appreciate if you could broaden my horizon on this topic. > > > > Within a month or so I'll install ISA in an environment > where multiple > > VLANs are running (I still have to check out the hardware > on site, I > > think they use HP switches, but I'm not sure). Each of these VLANs > > need internet access and firewall protection, but for security and > > legal reasons, access or rather routing between the VLANs is not > > allowed. > > > > As this is still in an early stage, I have not completed my > homework > > yet, but I would like to hear your comments. As far as I > understand, I > > will either have to install multiple NICs on the ISA box > (one for each > > VLAN), or I'll assign the ISA port on the switch to the VLANs (this > > would enable routing between them, right?). > > > > So which way do I go? Do you see any problems/issues with ISA here? > > Btw they are currently using FW-1 to do the job. > > > > Thanks for your help! > > Mark > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Other Internet Software Marketing Sites: > > Leading Network Software Directory: http://www.serverfiles.com No.1 > > Exchange > Server Resource > > Site: http://www.msexchange.org Windows Security Resource > > Site: http://www.windowsecurity.com/ Network Security > > Library: http://www.secinf.net/ Windows 2000/NT Fax > > Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > jim@xxxxxxxxxxxx To unsubscribe send a blank email to > > $subst('Email.Unsub') > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Other Internet Software Marketing Sites: > > Leading Network Software Directory: http://www.serverfiles.com No.1 > > Exchange > Server Resource > > Site: http://www.msexchange.org Windows Security Resource > > Site: http://www.windowsecurity.com/ Network Security > > Library: http://www.secinf.net/ Windows 2000/NT Fax > > Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > m.hippenstiel@xxxxxxxxxxxx To unsubscribe send a blank email to > > $subst('Email.Unsub') > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: > http://www.serverfiles.com No.1 Exchange Server Resource > Site: http://www.msexchange.org Windows Security Resource > Site: http://www.windowsecurity.com/ Network Security > Library: http://www.secinf.net/ Windows 2000/NT Fax > Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email > to $subst('Email.Unsub') > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: > http://www.serverfiles.com No.1 Exchange Server Resource > Site: http://www.msexchange.org Windows Security Resource > Site: http://www.windowsecurity.com/ Network Security > Library: http://www.secinf.net/ Windows 2000/NT Fax > Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a > blank email to $subst('Email.Unsub') > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: > http://www.serverfiles.com No.1 Exchange > Server Resource > Site: http://www.msexchange.org Windows Security Resource > Site: http://www.windowsecurity.com/ Network Security > Library: http://www.secinf.net/ Windows 2000/NT Fax > Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email > to $subst('Email.Unsub') > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: > http://www.serverfiles.com No.1 Exchange > Server Resource > Site: http://www.msexchange.org Windows Security Resource > Site: http://www.windowsecurity.com/ Network Security > Library: http://www.secinf.net/ Windows 2000/NT Fax > Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: m.hippenstiel@xxxxxxxxxxxx To unsubscribe send a > blank email to $subst('Email.Unsub') >