RE: Topic: Twin WAN Gateway Xincom XC-DPG602 (load bala ncing) with ISA2000 as DMZ internal firewall
- From: Troy Radtke <TRadtke@xxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 11 Nov 2004 15:14:07 -0600
Should work something like this regardless of brand:
connection 1---|
|------------NLB------firewall/proxy------internal network
connection 2---|
The NLB is the DG of your firewall/proxy system. You can infinitely expand
the front end to the max capacity of your NLB system. The firewall/proxy
only cares that it has a DG that it can reach. However the return path goes
is completely up to the NLB and has no effect on the firewall/proxy.
The NLB is completely unaware of the internal networks/DMZs behind the
firewall/proxy system. It only cares that something on the backend is there
for it to talk to and be its DG if it needs one.
Good luck.
-----Original Message-----
From: Alan Hoshor [mailto:alan@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, November 11, 2004 2:40 PM
To: [ISAserver.org Discussion List]
Cc: Eric Berglund
Subject: [isalist] Topic: Twin WAN Gateway Xincom XC-DPG602 (load balancing)
with ISA2000 as DMZ internal firewall
Importance: High
http://www.ISAserver.org
We recently purchased a Xincom XC-DPG602 with the expectation that it could
provide load balancing and ISP fail-over utilizing our existing DSL
connection and a new digital cable service. Since the current firewall is
ISA2000, I'd like to keep it. My plan was to put the ISA firewall behind
the DPG602.
Unfortunately once I purchased all these and went to set it up, I seem to be
stymied by my ignorance of dynamic load balancing. We currently have a
number of servers inside our LAN to which ISA redirects static IPs to
individual services like Exchange & web.
This all works great now. The Xincom service technician tells me the only
way the DPG602 will work is if it is the gateway, and the NAT lan is behind
it. I tried to create a DMZ behind the DPG602 using our static IPs from our
DSL ISP. The DPG602 has DMZ and DNAT services. I was unsuccessful so far;
probably missing something simple.
I have a detailed network architecture diagram with the existing and desired
configuration, if it would be useful to someone answering my question I'd be
happy to e-mail it to you. The Xincom XC-DPG602 appears to be an amazing
product at a very reasonable cost. However, so is ISA.
My basic question is why shouldn't this work: DPG602 -> ISA2000 -> Internal
LAN, with the DPG602 load balancing requests from ISA between the DSL and
digital cable services?
Cheers,
Alan Hoshor
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tradtke@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
- » RE: Topic: Twin WAN Gateway Xincom XC-DPG602 (load bala ncing) with ISA2000 as DMZ internal firewall
