RE: Gateway to other side
- From: "Sergio Blum" <sergio@xxxxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Sat, 20 Dec 2003 20:40:47 -0300
Tanks a lot! I'll try it!
>>> phillh@xxxxxxx 20/12/2003 19:25:02 >>>
http://www.ISAserver.org
Oh Yes you can, if you do this :
http://support.microsoft.com/?kbid=311777
Mainly meant to be used with NLB but as far as I know can be used
standalone. It changes the source address of the packet to the
firewalls
internal IP so packets go back out through the non-default gateway
firewall.
Only downside, especially for a web server is that all traffic is
logged as
coming from the firewall.
> Further, proper firewall configuration does not allow a session to
be
> started on one and completed on another
That wasn't what the guy asked, he means, stuff coming in thru firewall
a
goes back out firewall a, same for firewall b. So to achieve this, you
would
simply put the above registry change ONLY on the second firewall, i.e.
the
one that is NOT the default gateway.
Phill
----- Original Message -----
From: "John Tolmachoff (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Sunday, December 21, 2003 9:03 AM
Subject: [isalist] RE: Gateway to other side
> http://www.ISAserver.org
>
> When a computer receives a request packet from outside the local
network,
as
> configured by the netmask on the NIC, it will send the response via
the
> gateway the NIC has.
>
> Further, proper firewall configuration does not allow a session to
be
> started on one and completed on another, unless the 2 are working
together
> like in an array.
>
> So, the answer is, no, will not work.
>
> John Tolmachoff
> Engineer/Consultant/Owner
> eServices For You
>
>
> > -----Original Message-----
> > From: Sergio Blum [mailto:sergio@xxxxxxxxxxxxxx]
> > Sent: Saturday, December 20, 2003 2:42 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Gateway to other side
> >
> > http://www.ISAserver.org
> >
> > Hello guys!
> >
> > I'm trying to implement a solution at my company:
> > I already have a firewall installed and configured, and all my
servers
> > are working fine.
> > Now I want to add a new link to the company, and install another
isa
> > servers for that link. These new one ISA will publish a internal
web
> > server.
> > The problem is here, the webserver has one gateway heading the old
isa,
> > and it need to stay so, but now I want to publish it through
another
> > isa, without changing his gateway...
> >
> > Is there a way to configure it? When a connection is made from one
> > server, it need to reply to that server, not to the gateway. Or
setting
> > a gateway to a specific port?
> >
> > Thansk a lot!
> >
> > ________________________________________
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
sergio@xxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
Other related posts:
