Re: internal and external interface on same network segment

No; the problem isn't ISA's IP addresses, but the clients'.
They all need to be in the LAT and doing that on an individual IP basis is
an invitation to baldness.

Can you keep the internal address space and reassign the router a new NAT
IP?

Internet
    | - ext IP
Router
    | - 172.16/240
  ISA
    | - 10.191.x.x
Happy Clients

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: "Patrick Schmid" <patrick@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, June 07, 2002 2:52 PM
Subject: [isalist] Re: internal and external interface on same network
segment


http://www.ISAserver.org


A multi-domain (NT+2k), multi-site network implemented in one
IP-segment. Changing this is unfortunately not an option.
In ISA server, you assign an internal and an external IP address. Rules
are based on that configuration. Can those two IP addresses be in the
same segment?

Thanks.

Patrick Schmid

> -----Original Message-----
> From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
> Sent: Friday, June 07, 2002 19:47
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: internal and external interface on
> same network segment
>
>
> http://www.ISAserver.org
>
>
> Why does the router internal IP need to remain as it is?
> ISA will not function as a firewall in this configuration.
>
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/authors/harrison/
> Read the books!
> ----- Original Message -----
> From: "Patrick Schmid" <patrick@xxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Friday, June 07, 2002 4:57 AM
> Subject: [isalist] internal and external interface on same
> network segment
>
>
> http://www.ISAserver.org
>
>
> Hi,
>
> our network address segments are mandated by an outside
> organization. They have also control over the router which
> links us with their network. We would like to put an ISA
> server between their router and our network. Changing the IP
> addresses in our internal network is not an option. The
> configuration should look similar to this:
>
> LAN - 10.191.84.0/22
> |
> |
> 10.191.84.31 (internal interface), IP can be changed, but has
> to be in same segment 2 ISA Servers with NLB on internal
> interface -- 192.168.0.3 DMZ
> |
> |
> 10.191.84.40
> Cisco Router
>
> All traffic should be routed to the DMZ, if the target is not
> in 10.x.x.x. SMTP traffic is coming in via the Cisco router.
> Currently SMTP is sent to 10.191.84.38. My configuration
> approach would be: external interfaces to DMZ: 192.168.0.1
> and 192.168.0.2 external interfaces to router: 10.191.84.38
> with SMTP Message Screener. Other ISA server with any IP in
> 10.191.84.0/22. Is there any way to use NLB on this interface too?
>
> Is this configuration possible? How would I go about this in
> the ISA configuration?
>
> Thanks.
>
> Patrick Schmid
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email
> to $subst('Email.Unsub')
>
>
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: subscription@xxxxxxxxxxxx To unsubscribe send a
> blank email to $subst('Email.Unsub')
>


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')




Other related posts: