RE: ISA/VPN NLB on Win2003
- From: "David V. Dellanno" <ddellanno@xxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 27 Jun 2003 11:46:10 -0400
Found my answer for WS03
Migrating from Windows NT Server 4.0 to Windows Server 2003
http://tinyurl.com/ffmi
NLB Support for L2TP/IPSec Traffic
In Windowsâ2000, Network Load Balancing (NLB) could not manage IPSec security
associations (SAs) among multiple servers. If a server in the cluster became
unavailable, the SAs managed by that cluster were orphaned and eventually timed
out. This meant that you could not cluster L2TP/IPSec VPN servers. You could
use DNS round-robin for load distribution across multiple L2TP/IPSec VPN
servers, but there was no fault tolerance.
In the Windows Serverâ2003 family, NLB has been enhanced to provide
clustering support for IPSec SAs. This means that you can create a cluster of
L2TP/IPSec VPN servers, and NLB will provide both load balancing and fault
tolerance for L2TP/IPSec traffic.
This feature is provided only with Windows Serverâ2003, Enterprise Edition,
and Windows Serverâ2003, Datacenter Edition.
-----Original Message-----
From: David V. Dellanno
Sent: Friday, June 27, 2003 11:25 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA/VPN NLB on Win2003
http://www.ISAserver.org
So is it possible to puchase ISA Standard edition with Windows 2003
Standard edition to achive this? If so, will this cause certain issue with the
firewall using NLB?
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Friday, June 27, 2003 11:22 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA/VPN NLB on Win2003
http://www.ISAserver.org
Hey guys,
I just had to share my joy. Multiple ISA firewalls running on
Win2003 using NLB. PPTP and L2TP/IPSec -- SWEET and it works with WinXP SP1 and
allow the other VPN clients that had a problem with the reponses coming from
the "wrong" IP address.
Next step is to check it out in VPN gateway to gateway mode.
Two VPN gateways at the local site, two VPN gateways at the remote site. See if
fail over works smoothly.
One downside -- I still have to create the arrays the old way,
the NLB Manager is a bit "flakey" for want of a better term and leads to more
stress and strain then required. Create the NLB arrays the old fashioned way,
no problem, and everything works. :-) I'd be happy to hear from anyone who's
had a good experience with the Win2003 NLB Manager 'cause its always good to
hear from the other side, and maybe I can learn a thing or two!
HTH<
Tom
Thomas W Shinder
www.isaserver.org/shinder <http://www.isaserver.org/shinder>
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
<http://tinyurl.com/1llp>
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: ddellanno@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Confidentiality Notice:
This e-mail message, including any attachments, is for the sole
use of the intended recipient(s) and may contain confidential and privileged
information. Any unauthorized review, use, disclosure or distribution is
prohibited. If you are not the intended recipient, please contact the sender by
reply e-mail and destroy all copies of the original message.
Confidentiality Notice:
This e-mail message, including any attachments, is for the sole use of
the intended recipient(s) and may contain confidential and privileged
information. Any unauthorized review, use, disclosure or distribution is
prohibited. If you are not the intended recipient, please contact the sender by
reply e-mail and destroy all copies of the original message.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
ddellanno@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Confidentiality Notice:
This e-mail message, including any attachments, is for the sole use of
the intended recipient(s) and may contain confidential and privileged
information. Any unauthorized review, use, disclosure or distribution is
prohibited. If you are not the intended recipient, please contact the sender by
reply e-mail and destroy all copies of the original message.
Confidentiality Notice:
This e-mail message, including any attachments, is for the sole use of the
intended recipient(s) and may contain confidential and privileged information.
Any unauthorized review, use, disclosure or distribution is prohibited. If you
are not the intended recipient, please contact the sender by reply e-mail and
destroy all copies of the original message.
Other related posts:
