Ah - the old multi-redundant WAN... The problem with using client-side failover is that it depends completely on how the client determines "availability" and how it (fails to) handle failback as well. You *can* deploy ISA EE servers in a single array across those links, but what you'll actually achieve is not what you seek. The other problem is what "down" means - just because the ISA responds doesn't mean the Internet link is alive. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Paul Crisp [mailto:PCrisp@xxxxxxxxxxxxxxxxx] Sent: Thursday, September 08, 2005 07:16 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Arrary - redunant/failover? http://www.ISAserver.org Yes they can. Bit more of the configuration We have the three offices as I mentioned before, Office A, B and C All desktops are configured as firewall clients as well as proxy clients so for instance Office A firewall client is configured to look at Office A firewall and Office B firewall client is configured to look at Office B firewall. At present Office C firewall client is configured to look at either Office A or B but normally Office A as this is a faster connection. This config is done via the WPAD and DHCP Office A has a 2mbit leased line connection to Office B but also has a 10mbit laser link to Office C - Default gateway is router that connects the links together Office B has a 2mbit leased line connection to Office B and also another 2mbit leased line connection to Office C - Default gateway is router that connects links together Office C has a 10mbit laser link to Office A and a 2mbit leased line connection to Office B - Default gateway is router that connects links together In the event that the Office A ISA 2004 SE goes down we want clients to move across to Office B for the moment but sometime in the future we will also have an ISA in Office C as well. Hope this helps and is not to confusing Paul Crisp Snr Network Support Analyst -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: 08 September 2005 15:04 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Arrary - redunant/failover? http://www.ISAserver.org Can users in one office even see the "backside" of the ISA in the other office? -----Original Message----- From: Paul Crisp [mailto:PCrisp@xxxxxxxxxxxxxxxxx] Sent: Thursday, September 08, 2005 6:56 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Arrary - redunant/failover? http://www.ISAserver.org What would be the best way to deploy them, I'm open to suggestions as we are only using ISA 2004 SE in two offices at the moment. Paul Crisp Snr Network Support Analyst -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: 08 September 2005 14:47 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Arrary - redunant/failover? http://www.ISAserver.org That would depend on how you deploy them. Also, consider that in an Enterprise array, the configuration data that's delivered to the web proxy and firewall clients will contain *all* of the array members. This will cause web proxy and firewall clients to use any of the listed ISA servers as the *client* deems necessary according to the CARP algorithm and how the client determines the health of the last known ISA. -----Original Message----- From: Paul Crisp [mailto:PCrisp@xxxxxxxxxxxxxxxxx] Sent: Thursday, September 08, 2005 2:58 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Arrary - redunant/failover? http://www.ISAserver.org Is there any problem with using array over different subnets and therefore providing LAN redundancy? Paul Crisp Snr Network Support Analyst ________________________________ From: Geldrop, Paul van [mailto:paul.van.geldrop@xxxxxxxxxxxxx] Sent: 08 September 2005 08:57 To: [ISAserver.org Discussion List] Subject: RE: [isalist] ISA Arrary - redunant/failover? Options available to you: - Use an Enterprise edition array consisting of multiple ISA servers. This will ensure connectivity for your LAN clients should one of the servers fail. It will, however, not ensure connectivity in case your WAN-connection goes bye-bye. - Use an Enterprise edition array consisting of multiple ISA servers and a redundant WAN connection This will ensure connectivity for your LAN clients should one of the servers fail. Using a product like Rainconnect (correct me if I'm wrong, gentlemen ?), will ensure connectivity in case your WAN-connection goes bye-bye. Of course, there are other points of failure you will have to consider (redundant switches/routers at LAN-level, etc). Question is, how desperate are you to maintain Web access for your clients ? You will not be able to realise this scenario with one ISA 2000 Server. You will have to examine the various options and identify the one component in your set-up that is most likely to fail. Or, if you have enough budget for it, implement all of the options. :P PS: You can also Standard edition arrays, but you will have to configure NLB manually and maintain an actual configuration on both servers through import/export-procedures instead of being able to use central storage for the ISA array configuration. Regards, Paul. ________________________________ From: Danny [mailto:nocmonkey@xxxxxxxxx] Sent: Wed 9/7/2005 5:43 PM To: [ISAserver.org Discussion List] Subject: [isalist] ISA Arrary - redunant/failover? http://www.ISAserver.org Goal: provide LAN clients with redunant access to the web, where current configuration consists of one ISA 2000 server. Would an ISA array be most suitable to accomplish this goal, or NLB, or just another router/gateway? Thank you, ...D ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: paul.van.geldrop@xxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: pcrisp@xxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: pcrisp@xxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.