RE: ISA acts as a router in the LAT

  • From: "osman filiz" <osmanfiliz@xxxxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Fri, 08 Nov 2002 09:46:52 +0000

In our network it is not possible to use your design because of our network devices' capabilities and features, so I must find a solution suitable to my existing design.
Thanks.







From: Pouseele Stefaan <Stefaan.Pouseele@xxxxxxx>
Reply-To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Subject: [isalist] RE: ISA acts as a router in the LAT
Date: Fri, 8 Nov 2002 10:36:18 +0100

http://www.ISAserver.org


Hi Osman,

I never use ISA as an internal router. In my opinion ISA isn't designed for
that, although you could probably filter between internal segments with the
help of RRAS filters. So why bother ISA with traffic it cannot control?
Personally I would change the design to a pure network solution:


Subnet#1 -------+
                !
Subnet#2 --- [router] --- [ISA] --- Internet
   .            !
Subnet#n -------+

Use an internal router or, if possible, a layer-3 switch. Every decent
router/L3-switch should have a feature to control the traffic between the
subnets (access filter). The key points are:
1) every subnet has its own servers.
2) on the subnet between the router/L3-switch and the ISA internal interface
you can place servers that are common and accessible to *all* subnets.
3) forbid any communication between the Subnets #1 - #n. This is very easy
with basic access filtering on the router/L3-switch.


You should also check out Jim's article
http://www.isaserver.org/tutorials/Designing_An_ISA_Server_Solution_on_a_Complex_Network.html

BTW --- I run a lot of such designs and they are rock solid ;-)

HTH,
Stefaan

-----Original Message-----
From: osman filiz [mailto:osmanfiliz@xxxxxxxxxxx]
Sent: vrijdag 8 november 2002 10:10
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA acts as a router in the LAT





I have ISA server on W2K server with SP2. We use ISA as firewall and cache
mode, packet filtering also enabled. Our server is a multihomed server; 4 network
interfaces are used for internal clients and included in the LAT. ISA acts as a
router for internal clients that use the ISA server as default gateway. In our
company it is forbidden that clients reach other subnets. How can I prevent
user access to other interfaces using ISA?








------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: osmanfiliz@xxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
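
The access-filter policy from Stefaan's reply (points 1 to 3), modelled as an added example that is not part of the original thread and not any router vendor's syntax: a first-match rule list that denies every client-subnet pair and permits everything else, plus an audit that catches a misordered list. The addresses, subnet names and function names are constructed assumptions.

```python
import ipaddress
from itertools import permutations

# Constructed addressing plan (assumption; the thread gives no addresses).
CLIENT_SUBNETS = {
    "subnet1": ipaddress.ip_network("10.0.1.0/24"),
    "subnet2": ipaddress.ip_network("10.0.2.0/24"),
    "subnet3": ipaddress.ip_network("10.0.3.0/24"),
}
# Segment between the router/L3 switch and the ISA internal interface,
# holding the servers common to all subnets (point 2).
SHARED_SEGMENT = ipaddress.ip_network("10.0.254.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")


def build_acl(subnets):
    """Ordered first-match rules: deny every client-to-client pair, then permit."""
    rules = [("deny", a, b) for a, b in permutations(subnets.values(), 2)]
    rules.append(("permit", ANY, ANY))  # shared segment and Internet via ISA
    return rules


def evaluate(rules, src, dst):
    """Return the action of the first rule matching the flow (implicit deny)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "deny"


def audit(rules, subnets):
    """List (src, dst) subnet pairs where a client-to-client flow is permitted."""
    leaks = []
    for (name_a, a), (name_b, b) in permutations(subnets.items(), 2):
        # Probe the first and last host address of each subnet.
        probes = [(a[1], b[1]), (a[1], b[-2]), (a[-2], b[1]), (a[-2], b[-2])]
        if any(evaluate(rules, s, d) != "deny" for s, d in probes):
            leaks.append((name_a, name_b))
    return leaks


ACL = build_acl(CLIENT_SUBNETS)
# Failure mode: the same rules with the catch-all permit placed first.
MISORDERED = [ACL[-1]] + ACL[:-1]
```

Running `audit` against the rule set actually loaded on the router/L3-switch after every change shows whether a rule placed too early has reopened a path between client subnets.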

