[isalist] Re: Question re: subnet inter-communication

  • From: "D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR" <DPietruszka@xxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 5 Oct 2006 13:08:47 -0400

1- To have different subnets, you must separate them in some way,
using separate switches or creating VLANs on your existing ones.

2- Yes, you have to add one NIC for each additional subnet. Yes, it is
a supported configuration.

 

The only thing I don't know is: what is the limit on the number of
subnets ISA can handle (Tom?)

 

Regards

Diego R. Pietruszka

 

________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Rob Moore
Sent: Thursday, October 05, 2006 11:31 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Question re: subnet inter-communication

 

Well, like I said, I've never done anything with VLANs.

 

So, if I understand you right, to keep the new subnets off our main
network, they need to be different physical segments (e.g., physically
different switches), and then they would have to connect to our ISA
server via physically separate NICs. Correct?

 

Currently, our ISA server has two NICs--one Internal, one External. To
add two (or three) subnets that we want to keep separate from our main
subnet, we'd need to add two (or three) NICs, right? And is this a
supported configuration?

 

Thanks,

Rob

 

________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Thomas W Shinder
Sent: Thursday, October 05, 2006 11:10 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Question re: subnet inter-communication

Hi Rob,

 

Don't mix up VLANs with subnets and physical segmentation. This is an
increasingly common problem I'm seeing out there, though I have no idea
why it's happening.

 

If you want the ISA Firewall to control access through the subnets, then
they must be different physical segments, or you can use an 802.1q
compliant NIC and create virtual subnets, but I prefer not to do that
since VLAN tagging is a management solution, not a security solution.

 

HTH,

Tom

 

Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)

________________________________


        From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore
        Sent: Thursday, October 05, 2006 9:36 AM
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] Question re: subnet inter-communication

        Hi list--

        This is a fairly straightforward question, probably with a quite
        easy answer. But it's something I've not done before and I just want to
        bounce it off some others before I bank on it.

        I'm using ISA 2004 Standard, will probably move to ISA 2006
        Standard in the next month or two.

        Currently I have one subnet in this building (172.17.200.0), and
        multiple subnets outside the building that are connected to the
        172.17.200.0 subnet via VPN. The remote subnets all communicate with the
        172.17.200.0 subnet, no problem.

        In the near future I want to add a couple of new internal
        subnets using VLANs. (I've never done anything with VLANs before.) These
        new internal VLAN subnets will go through my ISA server for Internet
        access, but I DO NOT want them to communicate with my 172.17.200.0
        subnet, nor with any of my other current subnets.

        This is easily done, right? 

        Thanks, 
        Rob 

        -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= 
        Rob Moore 
        Network Manager 
        215-241-7870 
        Help Desk: 800-500-AFSC 
