RE: OT: WAN Advice

  • From: "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 18 Dec 2004 14:29:08 -0500

David,

If the topology doesn't matter then the router should be the default
gateway for the network and the router should redirect external requests
to the firewall?

Amy
 
 
 
-----Original Message-----
From: David Haam [mailto:DavidH@xxxxxxxxxxxx] 
Sent: Saturday, December 18, 2004 12:05 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OT: WAN Advice

http://www.ISAserver.org

Hi Amy,

What you pointed out with the router making the determination of which
T1 to use for sending traffic is the right idea. The physical topology
isn't the critical piece, however.

You can have the router have the routing tables to point to the second
router (the Netgear firewall in this case). The big issue is making sure
that the return routes also work properly.

e.g.
* Router to WAN-T1 has IP routes to all WAN & Internal IPs (and so do
all the other WAN routers).
* Router to WAN-T1 also has a default route (0.0.0.0/0) to the Netgear
for non-local IPs.
* All internal devices route out to the WAN-T1 router as default
gateway.

In most cases the above should work fine. If you draw this out and watch
traffic going out and then also for coming in, you'll see that the
outbound will go:
         host -> WAN-router -> Internet-router -> Internet
The return path is:
         Internet -> Internet-router -> host

Since the WAN-router is merely "redirecting" the internet traffic to the
netgear and doesn't really impact the route, the difference in the
outgoing and return paths should be irrelevant.

The key is to make the network infrastructure deal with the routing.
I've seen places try to place static routes on hosts and that is just
such a pain to deal with!

Feel free to msg me off line if you'd like further clarification.



 

-----Original Message-----
From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
Sent: Saturday, December 18, 2004 8:29 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] OT: WAN Advice

It's been about 8 years since I last worked in a WAN environment and
about 4 since I last looked at a router and that was only to study for
my little used CCNA. In small business consulting you do a lot of VPN
but rarely a WAN. Rusty but ready. So here's the situation:

Company has 4 offices connected to each other with T1 lines. Each office
has a second T1 for Internet access. There's a Windows 2000 DC at each
location. The main office is called Macomb. (starting to sound like a
test question, eh?) The servers are not able to contact each other and
browsing doesn't work either. Active directory is complaining as is the
licensing service. Users are dropping randomly off the network.
Individuals can get to the Internet sometimes, sometimes not. Workers
are going around the office looking for the computer that can get to the
Internet. They tell me that the network used to work when they were with
XO but since they switched to LDMI they have these problems. To the
users it appears to be intermittent outages; to me it appears that the
routing isn't right. 

The T1 to the Internet is connected to a netgear firewall, then to the
switch. The T1 to the Macomb office is connected to a router, then to
the switch. 

Looks like this:

        T1 Macomb   - Router
                                 ----------- Switch
        T1 Internet - Firewall
They've had two other consultants in there poking around. The first guy
had them buy a new firewall and switches. The second guy removed adware
and junk from the PC's. Neither solved anything.

Here's my thought. 

Back in the day we would connect a WAN like this:

        T1 Macomb
                                 ------------ Router - Switch
        T1 Internet - Firewall

Am I correct? Shouldn't both T1 lines connect to the router so it can
make the decision whether the request is for the Internet or the WAN?


Amy
 
 
 


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
davidh@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
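
Added example (not part of the thread and not any poster's code): a small longest-prefix-match model of the three routing rules David lists, tracing the outbound and return paths he describes. All IP addresses and subnets are constructed assumptions, and the last case is a hypothetical setup with hosts pointed at the Netgear instead, not a diagnosis of the network in the thread.

```python
import ipaddress

# Constructed addressing for one office; none of it comes from the thread.
HOST, MACOMB_DC, WEB = "192.168.1.50", "192.168.2.10", "203.0.113.80"

# Per-device tables: prefix -> next-hop device (None = directly connected LAN).
TABLES = {
    "host": {"192.168.1.0/24": None, "0.0.0.0/0": "WAN-router"},
    "WAN-router": {
        "192.168.1.0/24": None,            # local LAN
        "192.168.0.0/16": "WAN-T1",        # other offices over the WAN T1
        "0.0.0.0/0": "Internet-router",    # non-local IPs go to the Netgear
    },
    "Internet-router": {"192.168.1.0/24": None, "0.0.0.0/0": "Internet"},
}
ENDPOINTS = {"WAN-T1", "Internet"}  # the model stops once traffic leaves the office

# Hypothetical variant: hosts use the Netgear as default gateway instead.
HOSTS_VIA_NETGEAR = {**TABLES,
                     "host": {"192.168.1.0/24": None, "0.0.0.0/0": "Internet-router"}}

def next_hop(tables, device, dst):
    """Longest-prefix match of dst against one device's routing table."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(p) for p in tables[device]]
    best = max((n for n in nets if addr in n), key=lambda n: n.prefixlen)
    return tables[device][str(best)]

def trace(tables, start, dst, dst_name):
    """Return the list of devices a packet for dst visits, beginning at start."""
    path, device = [start], start
    while device not in ENDPOINTS:
        hop = next_hop(tables, device, dst)
        if hop is None:                    # on-link: delivered straight to dst
            return path + [dst_name]
        if hop in path:
            raise RuntimeError("routing loop at " + hop)
        path.append(hop)
        device = hop
    return path

def return_path(tables, dst, dst_name):
    """Reply arriving on the Internet T1, routed back toward an inside host."""
    return ["Internet"] + trace(tables, "Internet-router", dst, dst_name)

if __name__ == "__main__":
    print(" -> ".join(trace(TABLES, "host", WEB, "web")))
    print(" -> ".join(return_path(TABLES, HOST, "host")))
    print(" -> ".join(trace(TABLES, "host", MACOMB_DC, "dc")))
    print(" -> ".join(trace(HOSTS_VIA_NETGEAR, "host", MACOMB_DC, "dc")))
```
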
