RES: RE: Topic: Twin WAN Gateway Xincom XC-DPG602 (load balancing) with ISA2000 as DMZ internal firewall
- From: "Tiago de Aviz" <Tiago@xxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 11 Nov 2004 20:53:03 -0200
Hey Tom, some time ago you sent a page of a similar device! Was it this
one??
I want one for Christmas!! =)
Tiago
_____
De: Ray [mailto:rdzek@xxxxxxxxxxxxxxx]
Enviada em: quinta-feira, 11 de novembro de 2004 19:37
Para: [ISAserver.org Discussion List]
Assunto: [isalist] RE: Topic: Twin WAN Gateway Xincom XC-DPG602 (load
balancing) with ISA2000 as DMZ internal firewall
http://www.ISAserver.org
If it is DNS based (which looking at the website for it is looks like it
is), you have to make significant changes to your DNS environment to get
everything to work. So, yes, the load balancer becomes the gateway as
all DNS requests are handled by the DPG602 in real-time depending on
current network traffic perameters that you set up in the device... AND
all the traffic from both connections is routed through the DGP602 to
ensure all the traffic is properly routed to both connections.
We use the Radware Linkproof. It works very much the same way. It is
all quite complicated, and requires coordination between you, whoever
does your DNS, and the vendor.
Your DNS will look something like:
This tells anyone requesting your www site that they have to go as
NameServer DGP1, or DSP2 (your new device) how to find you.
www NS DGP1
www NS DPP2
DGP1 A IP address of first link
DGP2 A IP address of second link
These DNS entries have to work both inside and outside your company if
you are running a seperate internal DNS server.
When requests come in for your www.stadiumflowers.com site, the DPG602
becomes the DNS authority and using its magic determines which route it
wants the request to come over the DSL, or the cable modem. It then
also routes the traffic from both connections. This is why it has to be
your gateway, as it is routing the traffic for both connections.
Ray Dzek
Network Operations Supervisor
Specialized Bicycle Components
PH: 408-782-5420
FX: 408-782-5421
-----Original Message-----
From: Alan Hoshor [mailto:alan@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, November 11, 2004 12:40 PM
To: [ISAserver.org Discussion List]
Cc: Eric Berglund
Subject: [isalist] Topic: Twin WAN Gateway Xincom XC-DPG602
(load balancing) with ISA2000 as DMZ internal firewall
Importance: High
http://www.ISAserver.org
We recently purchased a Xincom XC-DPG602 with the expectation
that it could provide load balancing and ISP fail-over utilizing our
existing DSL connection and a new digital cable service. Since the
current firewall is ISA2000, I'd like to keep it. My plan was to put
the ISA firewall behind the DPG602.
Unfortunately once I purchased all these and went to set it up,
I seem to be stymied by my ignorance of dynamic load balancing. We
currently have a number of servers inside our LAN to which ISA redirects
static IPs to individual services like Exchange & web.
This all works great now. The Xincom service technician tells me
the only way the DPG602 will work is if it is the gateway, and the NAT
lan is behind it. I tried to create a DMZ behind the DPG602 using our
static IPs from our DSL ISP. The DPG602 has DMZ and DNAT services. I
was unsuccessful so far; probably missing something simple.
I have a detailed network architecture diagram with the existing
and desired configuration, if it would be useful to someone answering my
question I'd be happy to e-mail it to you. The Xincom XC-DPG602 appears
to be an amazing product at a very reasonable cost. However, so is ISA.
My basic question is why shouldn't this work: DPG602 -> ISA2000
-> Internal LAN, with the DPG602 load balancing requests from ISA
between the DSL and digital cable services?
Cheers,
Alan Hoshor
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: rdzek@xxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tiago@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
- » RES: RE: Topic: Twin WAN Gateway Xincom XC-DPG602 (load balancing) with ISA2000 as DMZ internal firewall
