RE: Multiple external Networks...
- From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 24 Feb 2005 13:23:29 -0800
Double-NAT only bothers those that think single-NAT is magic.
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
________________________________________
From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
Sent: Thursday, February 24, 2005 13:10
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Multiple external Networks...
http://www.ISAserver.org
Hey Dan,
"I think the cost of the program isn't as big of an issue as the fact that we
have a cheap device sitting here that will essentially do the same thing,
albeit not as gracefully"
My only fear with considering on using another device to weather or not it will
still nat your two connections which means you end up with a double nat on your
ISA box externally. With Rainconnect you don't have to worry about that
possibility. Sorry but I have not tested RainConnect and since I don't have my
second connection anymore its unlikely that I will anytime soon.
Andrew
________________________________________
From: Ball, Dan [mailto:DBall@xxxxxxxxxxx]
Sent: Thursday, February 24, 2005 3:28 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Multiple external Networks...
http://www.ISAserver.org
Okay, looking for input from you guys, on our favorite topic, multiple external
Networks!
(I can hear Jim groaning already...)
The specifics:
ISA 2004 (SE)
Windows 2003 Server (SE)
1 external 1.5Mbps Network (NIC) connected to main ISP
1 external 4.5Mbps Network (NIC) connected to secondary ISP
Each ISP has a separate domain name, and I can use either one to access the ISA
server from the outside, works great.
The problems:
1. In the current configuration, ALL outbound traffic is routed through our
main ISP, leaving the other one pretty much idle. Basically, we're wasting
money on this connection.
2. Due to a contract signed before I arrived, we're stuck with paying for this
secondary ISP connection until the contract runs out in 2007.
3. Although this secondary ISP is a 4.5Mbps connection (this summer it will be
bumped to 7.5Mbps), it is shared by many other schools in the general area, and
it turns out that our 1.5Mbps connection has a much better response rate.
4. I attempted to redirect subnets to use the secondary ISP through the ROUTE
command, but found that only works with outbound connections. For example, I
cannot redirect all outbound requests to CNN's website using a broad subnet,
and still have anyone else on the 64.x.x.x subnet to be able to reach us on
inbound connections. Thus, I'd have to specify specific IP addresses to be
routed to do a manual version of load balancing, instead of an entire subnet.
This is doable, but is a very tedious process.
5. About the only thing I can use this secondary ISP for right now is as a
fail-over device. But even then I'd have to go in and make all the changes to
redirect traffic through the other NIC by hand, not practical for short-term
outages.
Then enters RainConnect. I've looked at this program a bit, but find the
information on it a bit confusing. Supposedly it will do what I need, which is
load-balancing between multiple ISPs. However, the descriptions of how it
works shows a single NIC, with multiple virtual IPs connected to a switch, that
is connected to the multiple ISPs. If this is the case, I have a $69 hardware
device sitting here that does pretty much the same thing but for far less than
the cost of RainConnect (especially since it was donated).
My question is: Has anyone actually used RainConnect, how does it work, and how
well does it work?
I think the cost of the program isn't as big of an issue as the fact that we
have a cheap device sitting here that will essentially do the same thing,
albeit not as gracefully.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
andrew@xxxxxxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
Other related posts:
