Re: ISA and VLAN (partly OT)
- From: "Mark Hippenstiel" <M.Hippenstiel@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 12 Jun 2003 00:30:19 +0200
I heard rumors from the guys regularly failing at setting up the FW-1
properly that it is not possible to have a single port assigned to all
VLANs and inhibit routing between VLANs at the same time. I'll check on
this, but it seems logical to me.
Someone mentioned having "multiple virtual NICs" on one physical NIC
would do the trick, but I'm not very confident in his opinion. Ever
heard of such a thing?
> -----Original Message-----
> From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
> Sent: Thursday, June 12, 2003 12:24 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: ISA and VLAN (partly OT)
>
>
> http://www.ISAserver.org
>
>
> Actually, you'll find option 2 more functional.
>
> The multi-NIC problem is only good if (ISA PCI Slots /
> VLANS) > 1. Otherwise, you're screwed and only the
> single-master VLAN option is usable. Generally speaking, if
> your switch can create VLANs, then routing between them
> should be controllable as well.
>
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver
> http://isaserver.org/Jim_Harrison
> http://isatools.org
>
> Read the help, books and articles!
> ----- Original Message -----
> From: "Mark Hippenstiel" <M.Hippenstiel@xxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Wednesday, June 11, 2003 14:47
> Subject: [isalist] ISA and VLAN (partly OT)
>
>
> http://www.ISAserver.org
>
>
> Hey guys,
>
> I'd appreciate if you could broaden my horizon on this topic.
>
> Within a month or so I'll install ISA in an environment where
> multiple VLANs are running (I still have to check out the
> hardware on site, I think they use HP switches, but I'm not
> sure). Each of these VLANs need internet access and firewall
> protection, but for security and legal reasons, access or
> rather routing between the VLANs is not allowed.
>
> As this is still in an early stage, I have not completed my
> homework yet, but I would like to hear your comments. As far
> as I understand, I will either have to install multiple NICs
> on the ISA box (one for each VLAN), or I'll assign the ISA
> port on the switch to the VLANs (this would enable routing
> between them, right?).
>
> So which way do I go? Do you see any problems/issues with ISA
> here? Btw they are currently using FW-1 to do the job.
>
> Thanks for your help!
> Mark
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory:
> http://www.serverfiles.com No.1 Exchange > Server Resource
> Site: http://www.msexchange.org Windows Security Resource
> Site: http://www.windowsecurity.com/ Network Security
> Library: http://www.secinf.net/ Windows 2000/NT Fax
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email
> to $subst('Email.Unsub')
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory:
> http://www.serverfiles.com No.1 Exchange > Server Resource
> Site: http://www.msexchange.org Windows Security Resource
> Site: http://www.windowsecurity.com/ Network Security
> Library: http://www.secinf.net/ Windows 2000/NT Fax
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: m.hippenstiel@xxxxxxxxxxxx To unsubscribe send a
> blank email to $subst('Email.Unsub')
>
Other related posts:
