RE: Static routes for specific servers

  • From: "adrian bolzan" <abolzan@xxxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 24 May 2005 09:15:45 +1000

Hi,

Thanks to everyone for their insight and advice.


Cheers,
Adrian


> -----Original Message-----
> From: Ball, Dan [mailto:DBall@xxxxxxxxxxx]
> Sent: Saturday, 21 May 2005 2:06 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Static routes for specific servers
>
> http://www.ISAserver.org
>
> Hey, I never do anything the "normal" way...
>
> If you define a "public" interface as one that is usable to
> reach your network FROM the outside, that'd be the case.
>
> Isn't semantics fun?
>
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: Friday, May 20, 2005 11:17
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Static routes for specific servers
>
> Dan, Dan, Dan...
> Your scenario is very different from the "norm".
> This is why I used the term "public" interfaces.
>
> -------------------------------------------------------
>    Jim Harrison
>    MCP(NT4, W2K), A+, Network+, PCG
>    http://isaserver.org/Jim_Harrison/
>    http://isatools.org
>    Read the help / books / articles!
> -------------------------------------------------------
> 
>
> -----Original Message-----
> From: Ball, Dan [mailto:DBall@xxxxxxxxxxx]
> Sent: Friday, May 20, 2005 06:39
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Static routes for specific servers
>
> It does work, but not very well.  Did you forget our favorite
> conversation already, Jim? *grin*
>
> Yes, you can have multiple external networks, connected to
> different ISPs (public interfaces), but you can only have one
> default gateway.
> So, the second (third, fourth, etc...) will sit there idle
> because no traffic will be routed over them. 
>
> Then, you can use the Windows ROUTE command to route
> "outbound" traffic over the other external networks.  This
> does work, and it works very well.
>
> The tricky part is that you have to get VERY SPECIFIC about
> what IPs you route via alternate routes.  You can't just
> route an entire subnet over an alternate route and expect it to work.
>
> For example, a distant webserver is at IP 123.123.123.1, and
> you decide to route the entire 123.123.123.x subnet over an
> alternate public interface.  Outbound requests go through the
> ISA server (Windows does the actual routing), take the
> alternate route, and return.  It works great.  However, there
> is a problem if there is a workstation at IP 123.123.123.2,
> and they want to contact you.  They resolve your hostname to
> be your main IP address, and connect to you.  Your ISA server
> (again, Windows does the actual routing) sees that IP as
> being part of the 123.123.123.x subnet, and routes it back to
> them through the alternate route, thus losing the packet.
>
> That is the main reason we invested in RainConnect; it was
> possible without it, but entirely unpractical.  Possibly in
> some situations where only a few specific servers are
> involved it would be practical.
>
> Does one server support two "public" interfaces?  Yes.
> Does it work well?  No.
>
>
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: Friday, May 20, 2005 08:59
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Static routes for specific servers
>
> You must use two different servers to accomplish this.
> ISA doesn't support two "public" interfaces.
>
> -----Original Message-----
> From: adrian bolzan [mailto:abolzan@xxxxxxxxxxxxxxxxxxxxxxxxx]
> Sent: Thursday, May 19, 2005 10:55 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Static routes for specific servers
>
> Hi,
>
> No, I actually do not want to load balance.  I just want one
> server to send its data to and from the internet through one
> internet connection and another server through the second
> internet connection.
>
> That is, all Internal networks can talk to both servers (squid and
> email) on DMZs through ISA.
> The squid server and email server also are protected by the ISA.
> The squid server, however, sends data to/from through ISA to
> the internet via an ADSL connection, whilst the email server
> sends to/from the internet through ISA but via a Frame relay
> connection.
>
> Cheers.
>
>

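
Added example, not part of the original thread: a small model of the destination-only route lookup described in Dan Ball's quoted message, showing why a static route covering all of 123.123.123.x sends the reply to an inbound connection out the wrong interface while a single-host route does not. The interface names "primary" and "alternate", the 198.51.100.7 peer and the flow list are constructed for illustration.

```python
import ipaddress

def build_table(alt_route):
    """Routing table of the dual-ISP host: one default gateway plus one static route."""
    return [
        (ipaddress.ip_network("0.0.0.0/0"), "primary"),   # the single default gateway
        (ipaddress.ip_network(alt_route), "alternate"),   # route added with ROUTE
    ]

def egress(table, dst):
    """Pick the outgoing interface by longest-prefix match on the destination only."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, ifc) for net, ifc in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def asymmetric_flows(table, inbound):
    """Return inbound flows whose reply would leave on a different interface
    than the one the connection arrived on."""
    broken = []
    for peer, arrived_on in inbound:
        out = egress(table, peer)
        if out != arrived_on:
            broken.append((peer, arrived_on, out))
    return broken

# Constructed inbound connections: (remote peer, interface it arrived on).
# Both peers resolved the host name to the main address, so they arrive on "primary".
INBOUND = [
    ("123.123.123.2", "primary"),   # the workstation from the thread's example
    ("198.51.100.7", "primary"),    # unrelated peer, for contrast
]

if __name__ == "__main__":
    for route in ("123.123.123.0/24", "123.123.123.1/32"):
        table = build_table(route)
        print(route, "-> web server egress:", egress(table, "123.123.123.1"))
        for peer, arrived, out in asymmetric_flows(table, INBOUND):
            print("   reply to", peer, "arrived on", arrived, "but leaves via", out)
```

Running the same check against a real route table before adding a static route shows which existing inbound peers would fall inside the new prefix.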

