Re: ISA and VLAN (partly OT)

• From: "Mark Hippenstiel" <M.Hippenstiel@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 12 Jun 2003 22:40:45 +0200

I have read up a bit about VLANs and had to learn that there is no such
thing like a VLAN standard. Anyway, I will check what hardware they
have.

Then what's wrong about tagging? I understand that normaly the tags are
removed by the switch when the frame leaves the port. 

> -----Original Message-----
> From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
> Sent: Thursday, June 12, 2003 3:00 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: ISA and VLAN (partly OT)
> 
> 
> http://www.ISAserver.org
> 
> 
> I love tagging!
> The (as yet unanswered) question was whether or not the 
> switches could do the job. It wouldn't be the first time a 
> switch could create VLANs, but couldn't control inter-VLAN 
> routing except globally <grr>.
> 
> 
>  Jim Harrison
>  MCP(NT4, W2K), A+, Network+, PCG  http://www.microsoft.com/isaserver
>  http://isaserver.org/Jim_Harrison
>  http://isatools.org
> 
>  Read the help, books and articles!
> ----- Original Message ----- 
> From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Wednesday, June 11, 2003 17:25
> Subject: [isalist] Re: ISA and VLAN (partly OT)
> 
> 
> http://www.ISAserver.org
> 
> 
> Hi Jim,
> 
> You don't like 802.1q tagging for firewalls? I suppose you 
> don't believe drawing a line in the sand will keep people 
> from crossing it ? :-)
> 
> Thomas W Shinder
> www.isaserver.org/shinder
> ISA Server and Beyond: http://tinyurl.com/1jq1
> Configuring ISA Server: http://tinyurl.com/1llp
> 
> 
> 
> -----Original Message-----
> From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
> Sent: Wednesday, June 11, 2003 5:35 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: ISA and VLAN (partly OT)
> 
> 
> http://www.ISAserver.org
> 
> 
> I thought we were talking about ISA Server vs. internal 
> infrastructure switches (HP, as IIRC), not back-end 
> firewalls..? Since ISA is Windows-based, not *nix-based, it 
> understands multiple routes in a single interface quite easily.
> 
> I have to admin; the idea of "virtual NICs" raises my hackles 
> (not a pretty sight, lemmetellya!) a bit.
> 
>  Jim Harrison
>  MCP(NT4, W2K), A+, Network+, PCG  http://www.microsoft.com/isaserver
>  http://isaserver.org/Jim_Harrison
>  http://isatools.org
> 
>  Read the help, books and articles!
> ----- Original Message ----- 
> From: "Mark Hippenstiel" <M.Hippenstiel@xxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Wednesday, June 11, 2003 15:30
> Subject: [isalist] Re: ISA and VLAN (partly OT)
> 
> 
> http://www.ISAserver.org
> 
> 
> I heard rumors from the guys regularly failing at setting up 
> the FW-1 properly that it is not possible to have a single 
> port assigned to all VLANs and inhibit routing between VLANs 
> at the same time. I'll check on this, but it seems logical to me.
> 
> Someone mentioned having "multiple virtual NICs" on one 
> physical NIC would do the trick, but I'm not very confident 
> in his opinion. Ever heard of such a thing?
> 
> 
> > -----Original Message-----
> > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
> > Sent: Thursday, June 12, 2003 12:24 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Re: ISA and VLAN (partly OT)
> >
> >
> > http://www.ISAserver.org
> >
> >
> > Actually, you'll find option 2 more functional.
> >
> > The multi-NIC problem is only good if  (ISA PCI Slots /
> > VLANS) > 1. Otherwise, you're screwed and only the 
> single-master VLAN 
> > option is usable. Generally speaking, if your switch can 
> create VLANs, 
> > then routing between them should be controllable as well.
> >
> >  Jim Harrison
> >  MCP(NT4, W2K), A+, Network+, PCG  
> http://www.microsoft.com/isaserver
> >  http://isaserver.org/Jim_Harrison
> >  http://isatools.org
> >
> >  Read the help, books and articles!
> > ----- Original Message -----
> > From: "Mark Hippenstiel" <M.Hippenstiel@xxxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Wednesday, June 11, 2003 14:47
> > Subject: [isalist] ISA and VLAN (partly OT)
> >
> >
> > http://www.ISAserver.org
> >
> >
> > Hey guys,
> >
> > I'd appreciate if you could broaden my horizon on this topic.
> >
> > Within a month or so I'll install ISA in an environment 
> where multiple 
> > VLANs are running (I still have to check out the hardware 
> on site, I 
> > think they use HP switches, but I'm not sure). Each of these VLANs 
> > need internet access and firewall protection, but for security and 
> > legal reasons, access or rather routing between the VLANs is not 
> > allowed.
> >
> > As this is still in an early stage, I have not completed my 
> homework 
> > yet, but I would like to hear your comments. As far as I 
> understand, I 
> > will either have to install multiple NICs on the ISA box 
> (one for each 
> > VLAN), or I'll assign the ISA port on the switch to the VLANs (this 
> > would enable routing between them, right?).
> >
> > So which way do I go? Do you see any problems/issues with ISA here? 
> > Btw they are currently using FW-1 to do the job.
> >
> > Thanks for your help!
> > Mark
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > Leading Network Software Directory: http://www.serverfiles.com No.1 
> > Exchange > Server Resource
> > Site: http://www.msexchange.org Windows Security Resource
> > Site: http://www.windowsecurity.com/ Network Security
> > Library: http://www.secinf.net/ Windows 2000/NT Fax
> > Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org 
> Discussion List as: 
> > jim@xxxxxxxxxxxx To unsubscribe send a blank email to 
> > $subst('Email.Unsub')
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > Leading Network Software Directory: http://www.serverfiles.com No.1 
> > Exchange > Server Resource
> > Site: http://www.msexchange.org Windows Security Resource
> > Site: http://www.windowsecurity.com/ Network Security
> > Library: http://www.secinf.net/ Windows 2000/NT Fax
> > Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org 
> Discussion List as: 
> > m.hippenstiel@xxxxxxxxxxxx To unsubscribe send a blank email to 
> > $subst('Email.Unsub')
> >
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: 
> http://www.serverfiles.com No.1 Exchange Server Resource 
> Site: http://www.msexchange.org Windows Security Resource 
> Site: http://www.windowsecurity.com/ Network Security 
> Library: http://www.secinf.net/ Windows 2000/NT Fax 
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email 
> to $subst('Email.Unsub')
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: 
> http://www.serverfiles.com No.1 Exchange Server Resource 
> Site: http://www.msexchange.org Windows Security Resource 
> Site: http://www.windowsecurity.com/ Network Security 
> Library: http://www.secinf.net/ Windows 2000/NT Fax 
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a 
> blank email to $subst('Email.Unsub')
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: 
> http://www.serverfiles.com No.1 Exchange > Server Resource 
> Site: http://www.msexchange.org Windows Security Resource 
> Site: http://www.windowsecurity.com/ Network Security 
> Library: http://www.secinf.net/ Windows 2000/NT Fax 
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email 
> to $subst('Email.Unsub')
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: 
> http://www.serverfiles.com No.1 Exchange > Server Resource 
> Site: http://www.msexchange.org Windows Security Resource 
> Site: http://www.windowsecurity.com/ Network Security 
> Library: http://www.secinf.net/ Windows 2000/NT Fax 
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: m.hippenstiel@xxxxxxxxxxxx To unsubscribe send a 
> blank email to $subst('Email.Unsub')
> 

Other related posts:

• » ISA and VLAN (partly OT)
• » Re: ISA and VLAN (partly OT)
• » Re: ISA and VLAN (partly OT)
• » Re: ISA and VLAN (partly OT)
• » Re: ISA and VLAN (partly OT)
• » Re: ISA and VLAN (partly OT)
• » Re: ISA and VLAN (partly OT)
• » Re: ISA and VLAN (partly OT)
• » Re: ISA and VLAN (partly OT)
• » Re: ISA and VLAN (partly OT)

1. Home
2. isalist
3. Archive
4. 06-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---