[isalist] Re: Question re: subnet inter-communication

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 5 Oct 2006 10:09:54 -0500

Hi Rob,
 
Don't mix up VLANs with subnets and physical segmentation. This is an
increasingly common problem I'm seeing out there, though I have no idea
why it's happening.
 
If you want the ISA Firewall to control access through the subnets, then
they must be different physical segments, or you can use an 802.1q
compliant NIC and create virtual subnets, but I prefer not to do that
since VLAN tagging is a management solution, not a security solution.
 
HTH,
Tom
 
Thomas W Shinder, M.D.
Site: http://www.isaserver.org/
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)

 


________________________________

        From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore
        Sent: Thursday, October 05, 2006 9:36 AM
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] Question re: subnet inter-communication
        
        

        Hi list-- 

        This is a fairly straightforward question, probably with a quite
        easy answer. But it's something I've not done before and I just want to
        bounce it off some others before I bank on it.

        I'm using ISA 2004 Standard, will probably move to ISA 2006
        Standard in the next month or two.

        Currently I have one subnet in this building (172.17.200.0), and
        multiple subnets outside the building that are connected to the
        172.17.200.0 subnet via VPN. The remote subnets all communicate with the
        172.17.200.0 subnet, no problem.

        In the near future I want to add a couple of new internal
        subnets using VLANs. (I've never done anything with VLANs before.) These
        new internal VLAN subnets will go through my ISA server for Internet
        access, but I DO NOT want them to communicate with my 172.17.200.0
        subnet, nor with any of my other current subnets.

        This is easily done, right? 

        Thanks, 
        Rob 

        -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= 
        Rob Moore 
        Network Manager 
        215-241-7870 
        Help Desk: 800-500-AFSC 
