RE: SSL Problems with ISA 2004

  • From: "Ball, Dan" <DBall@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 22 Jan 2005 12:05:05 -0500

Yes, this is intriguing... I didn't know it was that big of a deal, all
the promos leading up to ISA2004's release described it as being capable
of such, and when I was finally able to try it out, it worked just like
I had anticipated, so why is this such a revelation?

That makes me wonder, what exactly is an ISP?  ISP, Internet Service
Provider, someone who provides you with Internet Access, is how I'd
define it.  If you can utilize their network to reach addresses on the
Internet, I'd consider them an ISP of some sort.  If I connect two ISPs
to the ISA server, and am able to use them to access resources from
either of them by routing, then I'd consider it a dual-ISP system.

I had only set this up with one subnet, so hadn't really played with it
to a great extent, so your posts really got me wondering.  So, this
morning I tried it out a bit more to make sure it was working like I
thought it did.  I tried CNN as an example, did a tracert to it, and,
like expected, it routed through the NIC for ISP1 (default gateway).  I
then took the 64.0.0.0 subnet (which CNN is in), and used the ROUTE ADD
command to tell it to use the NIC for ISP2 for that range.  I then did
another tracert and it found it was now using the route via the NIC for
ISP2, exactly as expected.  Just to be sure, I went and browsed some of
the obscure pages on CNN's site to make sure it wasn't just a cached
copy I was seeing.

Utilizing this information, I can see a relatively simple script that
would check for a connection being up on ISP1, and change the default
gateway to ISP2 if needed.  I also have thought of a couple of other
theoretical possibilities for load-balancing, but will need to pursue
those more before I can say they'd work.

 

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Friday, January 21, 2005 20:18
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SSL Problems with ISA 2004

http://www.ISAserver.org


I'll stipulate that you've defined it as an "external" network, but I'll
also bet that this is a misconfiguration that just "happens to work".
If you're willing, you can send me your ISAInfo privately and one of two
things will result:
1 - your configuration will spawn a KB or whitepaper (basically a WAN)
2 - I'll respond with corrective steps

This "dual ISP" distinction is important.
What you describe is nothing more than a "special routing arrangment",
NOT "dual ISP connections".

No argument that you've managed to create an efficient network this way,
but it's not what the community at large understands as "two ISP
connections".



Other related posts: