If it is DNS based (which looking at the website for it is looks like it is), you have to make significant changes to your DNS environment to get everything to work. So, yes, the load balancer becomes the gateway as all DNS requests are handled by the DPG602 in real-time depending on current network traffic perameters that you set up in the device... AND all the traffic from both connections is routed through the DGP602 to ensure all the traffic is properly routed to both connections. We use the Radware Linkproof. It works very much the same way. It is all quite complicated, and requires coordination between you, whoever does your DNS, and the vendor. Your DNS will look something like: This tells anyone requesting your www site that they have to go as NameServer DGP1, or DSP2 (your new device) how to find you. www NS DGP1 www NS DPP2 DGP1 A IP address of first link DGP2 A IP address of second link These DNS entries have to work both inside and outside your company if you are running a seperate internal DNS server. When requests come in for your www.stadiumflowers.com site, the DPG602 becomes the DNS authority and using its magic determines which route it wants the request to come over the DSL, or the cable modem. It then also routes the traffic from both connections. This is why it has to be your gateway, as it is routing the traffic for both connections. Ray Dzek Network Operations Supervisor Specialized Bicycle Components PH: 408-782-5420 FX: 408-782-5421 -----Original Message----- From: Alan Hoshor [mailto:alan@xxxxxxxxxxxxxxxxxx] Sent: Thursday, November 11, 2004 12:40 PM To: [ISAserver.org Discussion List] Cc: Eric Berglund Subject: [isalist] Topic: Twin WAN Gateway Xincom XC-DPG602 (load balancing) with ISA2000 as DMZ internal firewall Importance: High http://www.ISAserver.org We recently purchased a Xincom XC-DPG602 with the expectation that it could provide load balancing and ISP fail-over utilizing our existing DSL connection and a new digital cable service. Since the current firewall is ISA2000, I'd like to keep it. My plan was to put the ISA firewall behind the DPG602. Unfortunately once I purchased all these and went to set it up, I seem to be stymied by my ignorance of dynamic load balancing. We currently have a number of servers inside our LAN to which ISA redirects static IPs to individual services like Exchange & web. This all works great now. The Xincom service technician tells me the only way the DPG602 will work is if it is the gateway, and the NAT lan is behind it. I tried to create a DMZ behind the DPG602 using our static IPs from our DSL ISP. The DPG602 has DMZ and DNAT services. I was unsuccessful so far; probably missing something simple. I have a detailed network architecture diagram with the existing and desired configuration, if it would be useful to someone answering my question I'd be happy to e-mail it to you. The Xincom XC-DPG602 appears to be an amazing product at a very reasonable cost. However, so is ISA. My basic question is why shouldn't this work: DPG602 -> ISA2000 -> Internal LAN, with the DPG602 load balancing requests from ISA between the DSL and digital cable services? Cheers, Alan Hoshor ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rdzek@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx