[isalist] Re: Question re: subnet inter-communication

  • From: "Rob Moore" <RMoore@xxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 5 Oct 2006 11:30:32 -0400

Well, like I said, I've never done anything with VLANs.
 
So, if I understand you right, to keep the new subnets off our main
network, they need to be different physical segments (e.g., physically
different switches), and then they would have to connect to our ISA
server via physically separate NICs. Correct?
 
Currently, our ISA server has two NICs--one Internal, one External. To
add two (or three) subnets that we want to keep separate from our main
subnet, we'd need to add two (or three) NICs, right? And is this a
supported configuration?
 
Thanks,
Rob

________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Thomas W Shinder
Sent: Thursday, October 05, 2006 11:10 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Question re: subnet inter-communication


Hi Rob,
 
Don't mix up VLANs with subnets and physical segmentation. This is an
increasingly common problem I'm seeing out there, though I have no idea
why it's happening.
 
If you want the ISA Firewall to control access through the subnets, then
they must be different physical segments, or you can use an 802.1q
compliant NIC and create virtual subnets, but I prefer not to do that
since VLAN tagging is a management solution, not a security solution.
 
HTH,
Tom
 
Thomas W Shinder, M.D.
Site: http://www.isaserver.org/
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)
________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Rob Moore
Sent: Thursday, October 05, 2006 9:36 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Question re: subnet inter-communication

Hi list--

This is a fairly straightforward question, probably with a quite
easy answer. But it's something I've not done before and I just want to
bounce it off some others before I bank on it.

I'm using ISA 2004 Standard, will probably move to ISA 2006
Standard in the next month or two.

Currently I have one subnet in this building (172.17.200.0), and
multiple subnets outside the building that are connected to the
172.17.200.0 subnet via VPN. The remote subnets all communicate with the
172.17.200.0 subnet, no problem.

In the near future I want to add a couple of new internal
subnets using VLANs. (I've never done anything with VLANs before.) These
new internal VLAN subnets will go through my ISA server for Internet
access, but I DO NOT want them to communicate with my 172.17.200.0
subnet, nor with any of my other current subnets.

This is easily done, right?

Thanks,
Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rob Moore
Network Manager
215-241-7870
Help Desk: 800-500-AFSC
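An added illustration of the point Tom makes and the question Rob asks (this is example code written for this page, not code from the thread, from isalist, or from ISA Server itself): a small model of a multi-homed firewall that, like ISA, only evaluates traffic crossing between two of its networks, requires a network (route/NAT) relationship before any access rule is consulted, and denies by default. The network names, the interface assignments, the 172.17.210.0/24 and 172.17.220.0/24 ranges for the new subnets and the 198.51.100.7 Internet host are all constructed assumptions; only 172.17.200.0 comes from the thread. The second configuration shows why putting both new subnets behind one NIC defeats the goal: hosts on the same segment reach each other through the switch and the firewall never sees the packets.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Network:
    """One firewall network object, bound to a single physical interface (NIC)."""
    name: str
    nic: str
    prefixes: tuple  # tuple of ipaddress.IPv4Network

    def match_len(self, ip):
        """Longest prefix length in this network that contains ip, or -1 if none."""
        return max((p.prefixlen for p in self.prefixes if ip in p), default=-1)


class Firewall:
    """Simplified ISA-style policy: network rule first, then ordered access rules."""

    def __init__(self, networks, network_rules, access_rules):
        self.networks = list(networks)
        self.network_rules = set(network_rules)  # (src, dst) pairs with a route/NAT relationship
        self.access_rules = list(access_rules)   # (src, dst, action), evaluated in order

    def network_for(self, ip):
        best = max(self.networks, key=lambda n: n.match_len(ip))
        if best.match_len(ip) < 0:
            raise ValueError(f"{ip} belongs to no configured network")
        return best

    def decide(self, src, dst):
        s = self.network_for(ipaddress.ip_address(src))
        d = self.network_for(ipaddress.ip_address(dst))
        if s.nic == d.nic:
            # Same segment: the switch forwards this locally, the firewall is not in the path.
            return "not inspected (same segment)"
        if (s.name, d.name) not in self.network_rules:
            # ISA drops traffic between networks that have no network rule at all.
            return "drop (no network rule)"
        for rule_src, rule_dst, action in self.access_rules:
            if rule_src == s.name and rule_dst == d.name:
                return action
        return "deny (default rule)"


EXTERNAL = Network("External", "nic0", (ipaddress.ip_network("0.0.0.0/0"),))
INTERNAL = Network("Internal", "nic1", (ipaddress.ip_network("172.17.200.0/24"),))


def build_separated():
    """Each new subnet on its own NIC, so the firewall sits between all of them."""
    nets = [
        EXTERNAL,
        INTERNAL,
        Network("VLAN-A", "nic2", (ipaddress.ip_network("172.17.210.0/24"),)),  # assumed range
        Network("VLAN-B", "nic3", (ipaddress.ip_network("172.17.220.0/24"),)),  # assumed range
    ]
    lans = [n.name for n in nets if n.name != "External"]
    # Only Internet-bound relationships are defined; nothing links the LANs to each other.
    network_rules = {(lan, "External") for lan in lans}
    access_rules = [(lan, "External", "allow") for lan in lans]
    return Firewall(nets, network_rules, access_rules)


def build_flat():
    """Both new subnets hang off one NIC: one ISA network object, one broadcast domain."""
    new_lans = Network("NewLANs", "nic2", (ipaddress.ip_network("172.17.210.0/24"),
                                           ipaddress.ip_network("172.17.220.0/24")))
    nets = [EXTERNAL, INTERNAL, new_lans]
    network_rules = {("Internal", "External"), ("NewLANs", "External")}
    access_rules = [("Internal", "External", "allow"), ("NewLANs", "External", "allow")]
    return Firewall(nets, network_rules, access_rules)


# Constructed sample flows (198.51.100.7 is a documentation address standing in for the Internet).
FLOWS = [
    ("172.17.210.10", "198.51.100.7"),   # new subnet host to the Internet
    ("172.17.210.10", "172.17.200.5"),   # new subnet host to the main 172.17.200.0 subnet
    ("172.17.210.10", "172.17.220.10"),  # new subnet A host to new subnet B host
    ("172.17.200.5", "172.17.210.10"),   # main subnet host to new subnet A
]


def evaluate(fw):
    """Return the firewall's verdict for every sample flow."""
    return {flow: fw.decide(*flow) for flow in FLOWS}


if __name__ == "__main__":
    for label, fw in (("separate NICs", build_separated()), ("one shared NIC", build_flat())):
        print(f"== {label} ==")
        for (src, dst), verdict in evaluate(fw).items():
            print(f"{src:>15} -> {dst:<15} {verdict}")
```

With separate NICs every inter-subnet flow ends at "drop (no network rule)" while Internet access stays allowed, which is exactly the isolation Rob wants. With the shared NIC the A-to-B flow comes back as "not inspected (same segment)": no rule on the firewall can change that, because the firewall is not on the path. That is the practical meaning of Tom's remark that VLAN tagging on a single interface is a management tool rather than an enforcement boundary.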
