RE: Gateway to other side
- From: "Phill Hardstaff - SPC" <phillh@xxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Sun, 21 Dec 2003 09:25:02 +1100
Oh Yes you can, if you do this : http://support.microsoft.com/?kbid=311777
Mainly meant to be used with NLB but as far as I know can be used
standalone. It changes the source address of the packet to the firewalls
internal IP so packets go back out through the non-default gateway firewall.
Only downside, especially for a web server is that all traffic is logged as
coming from the firewall.
> Further, proper firewall configuration does not allow a session to be
> started on one and completed on another
That wasn't what the guy asked, he means, stuff coming in thru firewall a
goes back out firewall a, same for firewall b. So to achieve this, you would
simply put the above registry change ONLY on the second firewall, i.e. the
one that is NOT the default gateway.
Phill
----- Original Message -----
From: "John Tolmachoff (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Sunday, December 21, 2003 9:03 AM
Subject: [isalist] RE: Gateway to other side
> http://www.ISAserver.org
>
> When a computer receives a request packet from outside the local network,
as
> configured by the netmask on the NIC, it will send the response via the
> gateway the NIC has.
>
> Further, proper firewall configuration does not allow a session to be
> started on one and completed on another, unless the 2 are working together
> like in an array.
>
> So, the answer is, no, will not work.
>
> John Tolmachoff
> Engineer/Consultant/Owner
> eServices For You
>
>
> > -----Original Message-----
> > From: Sergio Blum [mailto:sergio@xxxxxxxxxxxxxx]
> > Sent: Saturday, December 20, 2003 2:42 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Gateway to other side
> >
> > http://www.ISAserver.org
> >
> > Hello guys!
> >
> > I'm trying to implement a solution at my company:
> > I already have a firewall installed and configured, and all my servers
> > are working fine.
> > Now I want to add a new link to the company, and install another isa
> > servers for that link. These new one ISA will publish a internal web
> > server.
> > The problem is here, the webserver has one gateway heading the old isa,
> > and it need to stay so, but now I want to publish it through another
> > isa, without changing his gateway...
> >
> > Is there a way to configure it? When a connection is made from one
> > server, it need to reply to that server, not to the gateway. Or setting
> > a gateway to a specific port?
> >
> > Thansk a lot!
> >
> > ________________________________________
Other related posts:
