RE: Topic: Twin WAN Gateway Xincom XC-DPG602 (load balancing) with ISA2000 as DMZ internal firewall
- From: "Ray" <rdzek@xxxxxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 11 Nov 2004 13:37:00 -0800
If it is DNS based (which looking at the website for it is looks like it
is), you have to make significant changes to your DNS environment to get
everything to work. So, yes, the load balancer becomes the gateway as all
DNS requests are handled by the DPG602 in real-time depending on current
network traffic perameters that you set up in the device... AND all the
traffic from both connections is routed through the DGP602 to ensure all the
traffic is properly routed to both connections.
We use the Radware Linkproof. It works very much the same way. It is all
quite complicated, and requires coordination between you, whoever does your
DNS, and the vendor.
Your DNS will look something like:
This tells anyone requesting your www site that they have to go as
NameServer DGP1, or DSP2 (your new device) how to find you.
www NS DGP1
www NS DPP2
DGP1 A IP address of first link
DGP2 A IP address of second link
These DNS entries have to work both inside and outside your company if you
are running a seperate internal DNS server.
When requests come in for your www.stadiumflowers.com site, the DPG602
becomes the DNS authority and using its magic determines which route it
wants the request to come over the DSL, or the cable modem. It then also
routes the traffic from both connections. This is why it has to be your
gateway, as it is routing the traffic for both connections.
Ray Dzek
Network Operations Supervisor
Specialized Bicycle Components
PH: 408-782-5420
FX: 408-782-5421
-----Original Message-----
From: Alan Hoshor [mailto:alan@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, November 11, 2004 12:40 PM
To: [ISAserver.org Discussion List]
Cc: Eric Berglund
Subject: [isalist] Topic: Twin WAN Gateway Xincom XC-DPG602 (load balancing)
with ISA2000 as DMZ internal firewall
Importance: High
http://www.ISAserver.org
We recently purchased a Xincom XC-DPG602 with the expectation that it could
provide load balancing and ISP fail-over utilizing our existing DSL
connection and a new digital cable service. Since the current firewall is
ISA2000, I'd like to keep it. My plan was to put the ISA firewall behind
the DPG602.
Unfortunately once I purchased all these and went to set it up, I seem to be
stymied by my ignorance of dynamic load balancing. We currently have a
number of servers inside our LAN to which ISA redirects static IPs to
individual services like Exchange & web.
This all works great now. The Xincom service technician tells me the only
way the DPG602 will work is if it is the gateway, and the NAT lan is behind
it. I tried to create a DMZ behind the DPG602 using our static IPs from our
DSL ISP. The DPG602 has DMZ and DNAT services. I was unsuccessful so far;
probably missing something simple.
I have a detailed network architecture diagram with the existing and desired
configuration, if it would be useful to someone answering my question I'd be
happy to e-mail it to you. The Xincom XC-DPG602 appears to be an amazing
product at a very reasonable cost. However, so is ISA.
My basic question is why shouldn't this work: DPG602 -> ISA2000 -> Internal
LAN, with the DPG602 load balancing requests from ISA between the DSL and
digital cable services?
Cheers,
Alan Hoshor
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
rdzek@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
