RE: Multihomed Computer

  • From: "josephk" <josephk@xxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 25 Sep 2004 15:19:44 -0700

Hi Thomas,

Inline as well.

Joseph

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Saturday, September 25, 2004 1:27 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Multihomed Computer


http://www.ISAserver.org

Hi Joseph,

Inline...

Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls



-----Original Message-----
From: josephk [mailto:josephk@xxxxxxxxx] 
Sent: Saturday, September 25, 2004 9:54 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Multihomed Computer



Hi Thomas,

Yup, it's me asking questions!  I'm discovering that with ISA 2004
"ROUTE ADD'S" might not be needed. Is this true?
**TOM: You still need to add routes for networks the ISA firewall isn't
aware of. So, all networks that the ISA firewall isn't directly
connected to, there must be a route added to reach that network. Note
that you don't need to do this if you are publishing resources behind
the back-end ISA firewall, because you are forwarding to the address on
the external interface of the back-end ISA firewall, which is on a
network that the front-end ISA firewall is directly connected to, so
there is no routing involved here.


I've been reading the docs about setting up subnets and such and your
VPN in a back to back setup, where you had used 10, 172, 192 and 192 as
another subnet.  I'm looking for where ISA sets up the process to allow
you to ping all those NICs.

Switch 1 for example

Has 172.0.0.1 from the multihomed machine
And 172.0.0.2 from a different machine.  When on 172.0.0.2 I'm unable to
ping the 172.0.0.1 machine.
**TOM: What machines are plugged into this switch? What machines are
represented by these two addresses?
>>Joseph: My switch has the nic from the backend ISA BOX 172.0.0.1 and
the DNS server which is 172.0.0.2

I've learned a lot this week about ISA 2004 from the groups and reading.
Just did not have enough time to spend on
getting this new network in place before I fly tomorrow. Guess I'll have
to live with old setup until I get back :(.
**TOM: Life and networks are processes with no destination, they're
always a work in progress :-)
>>Joseph: I'm learning that one! Big time. When writing the
applications for them you need to know more. However, "the more I know
the less I know. Anonymous person"

So with this article:
http://www.isaserver.org/articles/2004multdmzp2.html what "ROUTE ADD'S"
would be used? It also seems that the route function within ISA is
different than "ROUTE ADD'S". I did not really want to set up lots of
"ROUTE ADD'S" unless it was necessary. I have my *.cmd file ready to
apply or remove the entries when I get just one machine pinging.
**TOM: The only route adds you would need to do would be on the
front-end ISA firewall. And you would only use them IF there is a route
relationship between the honeypot DMZ and one of the back-end networks.
If you're using NAT between the back-end networks, then there is no need
for a route ADD. HTH, Tom
>>Joseph:  No I'm doing the honey pot setup. I like that idea. And the
backend firewall has the 4 nics in it. Like the article.  As I read
more, all is beginning to make more sense. I sometimes like to see the
diagrams and charts in order to make sense of what I see written.  So,
I'm making charts based on the questions and answers I receive on this
issue.  I'll send it to you when I get the network in this form setup.
Still trying to get the VPN up by tomorrow 6:30 AM pac  have to leave
for airport and will be on client site for 3 weeks.

Thank you,

Joseph

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com No.1 Exchange
Server Resource Site: http://www.msexchange.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
