Re: ISA and VLAN (partly OT)

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 11 Jun 2003 19:25:08 -0500

Hi Jim,

You don't like 802.1q tagging for firewalls? I suppose you don't believe
drawing a line in the sand will keep people from crossing it ? :-)

Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 



-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Wednesday, June 11, 2003 5:35 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA and VLAN (partly OT)


http://www.ISAserver.org


I thought we were talking about ISA Server vs. internal infrastructure
switches (HP, as IIRC), not back-end firewalls..?
Since ISA is Windows-based, not *nix-based, it understands multiple
routes
in a single interface quite easily.

I have to admin; the idea of "virtual NICs" raises my hackles (not a
pretty
sight, lemmetellya!) a bit.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message ----- 
From: "Mark Hippenstiel" <M.Hippenstiel@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, June 11, 2003 15:30
Subject: [isalist] Re: ISA and VLAN (partly OT)


http://www.ISAserver.org


I heard rumors from the guys regularly failing at setting up the FW-1
properly that it is not possible to have a single port assigned to all
VLANs and inhibit routing between VLANs at the same time. I'll check on
this, but it seems logical to me.

Someone mentioned having "multiple virtual NICs" on one physical NIC
would do the trick, but I'm not very confident in his opinion. Ever
heard of such a thing?


> -----Original Message-----
> From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
> Sent: Thursday, June 12, 2003 12:24 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: ISA and VLAN (partly OT)
>
>
> http://www.ISAserver.org
>
>
> Actually, you'll find option 2 more functional.
>
> The multi-NIC problem is only good if  (ISA PCI Slots /
> VLANS) > 1. Otherwise, you're screwed and only the
> single-master VLAN option is usable. Generally speaking, if
> your switch can create VLANs, then routing between them
> should be controllable as well.
>
>  Jim Harrison
>  MCP(NT4, W2K), A+, Network+, PCG  http://www.microsoft.com/isaserver
>  http://isaserver.org/Jim_Harrison
>  http://isatools.org
>
>  Read the help, books and articles!
> ----- Original Message ----- 
> From: "Mark Hippenstiel" <M.Hippenstiel@xxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Wednesday, June 11, 2003 14:47
> Subject: [isalist] ISA and VLAN (partly OT)
>
>
> http://www.ISAserver.org
>
>
> Hey guys,
>
> I'd appreciate if you could broaden my horizon on this topic.
>
> Within a month or so I'll install ISA in an environment where
> multiple VLANs are running (I still have to check out the
> hardware on site, I think they use HP switches, but I'm not
> sure). Each of these VLANs need internet access and firewall
> protection, but for security and legal reasons, access or
> rather routing between the VLANs is not allowed.
>
> As this is still in an early stage, I have not completed my
> homework yet, but I would like to hear your comments. As far
> as I understand, I will either have to install multiple NICs
> on the ISA box (one for each VLAN), or I'll assign the ISA
> port on the switch to the VLANs (this would enable routing
> between them, right?).
>
> So which way do I go? Do you see any problems/issues with ISA
> here? Btw they are currently using FW-1 to do the job.
>
> Thanks for your help!
> Mark
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory:
> http://www.serverfiles.com No.1 Exchange > Server Resource
> Site: http://www.msexchange.org Windows Security Resource
> Site: http://www.windowsecurity.com/ Network Security
> Library: http://www.secinf.net/ Windows 2000/NT Fax
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email
> to $subst('Email.Unsub')
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory:
> http://www.serverfiles.com No.1 Exchange > Server Resource
> Site: http://www.msexchange.org Windows Security Resource
> Site: http://www.windowsecurity.com/ Network Security
> Library: http://www.secinf.net/ Windows 2000/NT Fax
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: m.hippenstiel@xxxxxxxxxxxx To unsubscribe send a
> blank email to $subst('Email.Unsub')
>

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » ISA and VLAN (partly OT)
• » Re: ISA and VLAN (partly OT)
• » Re: ISA and VLAN (partly OT)
• » Re: ISA and VLAN (partly OT)
• » Re: ISA and VLAN (partly OT)
• » Re: ISA and VLAN (partly OT)
• » Re: ISA and VLAN (partly OT)
• » Re: ISA and VLAN (partly OT)
• » Re: ISA and VLAN (partly OT)
• » Re: ISA and VLAN (partly OT)

1. Home
2. isalist
3. Archive
4. 06-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---