RE: FW: Different firewalls. Maybe a dumb question.
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Sat, 19 Jun 2004 10:39:37 -0500
Hi Joe,
Can you post a network diagram? It really speeds up understand of your
environment. You don't need to include every host, just the ones
participating in the communications path.
Thanks!
Tom
Thomas W Shinder
www.isaserver.org/shinder <http://www.isaserver.org/shinder>
ISA 2004 Beta - Get it now!
http://www.microsoft.com/isaserver/beta/default.asp
<http://www.microsoft.com/isaserver/beta/default.asp>
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
<http://tinyurl.com/1llp>
-----Original Message-----
From: Joe Pochedley [mailto:joepochedley@xxxxxxxxx]
Sent: Friday, June 18, 2004 10:42 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FW: Different firewalls. Maybe a dumb
question.
http://www.ISAserver.org
I've got my Exchange server set up in a fashion that would
handle this (for the reason to provide incoming redundancy though)...
Please keep in mind that I don't understand this completely, so
maybe someone who has a better grasp of IP and the way things are
handled through ISA can fill in the blanks...
Basically, you can set up a Windows server with two different
default gateways, setting the one with the higher metric to be the one
you want your outbound traffic to go through.... You need to manually
add the second route through the ROUTE ADD command, as doing it through
the GUI doesn't seem to stick... Doing this will cause all outbound
mail to go through the lower metric gateway, but the Exchange server
will still respond back through the ISA server that accepted the
incoming SMTP session... Without these two gateways on the Exchange
server, incoming client requests sent to the second (incoming only) ISA
server never seem to get a response back from the Exchange box...
Now, this is where my understanding falls apart... It's my
understanding in the realm of IP routing that the route to and from a
client doesn't need to be the same... Having the outbound part of a
incoming SMTP communication go through a different gateway should work
OK... Maybe it's just the way the session is initiated and flow handled
through ISA? (I haven't tested this type of scenario without ISA) I
was told once that this quirk may be due to Windows support for dead
gateway detection (DGD)... Maybe that's the case though I don't
understand DGD enough to say for sure... I can confirm that I haven't
been able to replicate this ability to communicate simultaneously
through two ISA servers (inbound SMTP) to a Linux box (which doesn't
support DGD), but I can also confirm that I've run this configuration on
multiple Exchange boxes behind two ISA servers...
Not to usurp the thread, but if anyone can tell me how to allow
a Linux SMTP box (SNAT of course) to accept and properly respond to
incoming SMTP requests from two ISA servers which are acting as default
gateways to two different ISPs, I would be eternally grateful. (Hey,
I'm sure it would provide an alternate resolution to the original
question as well!)
Joe Pochedley
________________________________
From: G. Waleed Kavalec [mailto:Kavalec@xxxxxxxx]
Sent: Friday, June 18, 2004 12:17 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] FW: Differenet firewalls. Maybe a dumb
question.
http://www.ISAserver.org
Please forgive the cross-post...
-----Original Message-----
To: MS-Exchange Admin Issues
Subject: Differenet firewalls. Maybe a dumb question.
Can I direct outgoing mail through a different firewall than
incoming mail?
Firewall = ISA server 2K
Exchange = 2K
And if so, how?
----------------------------
G. Waleed Kavalec
Baca, Stein, White and Associates
281-342-2646
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: JoePochedley@xxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Other related posts:
