RE: Unicast vs Multicast Mode for ISA
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Sun, 30 Oct 2005 08:41:50 -0600
Only unicast mode is supported if you want to use integrated NLB and you
do.
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**
> -----Original Message-----
> From: Akshay [mailto:akshay.bhatnagar@xxxxxxxxx]
> Sent: Saturday, October 29, 2005 8:22 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Unicast vs Multicast Mode for ISA
>
> http://www.ISAserver.org
>
> At an Exchange deployment, we have 2 ISA servers Enterprise
> Ed. (Windows
> 2003 SP1) setup in the DMZ. Windows NLB has been configured to route
> traffic between the two hosts.
>
> The IP address of the NLB Cluster Server (Virtual Node -
> 192.168.0.3) has
> been NATted to the public IP (202.101.101.101). The
> certificate has been
> installed and the web site has been registered for OWA publishing.
>
> Communication from Internal client will be configured to go out to the
> Internet and hit ISA instead of accessing the Front-end
> servers directly.
>
> We tried the following scenarios:
>
> (1) Client in the same subnet (192.168.0.*) as the ISA server: these
> clients were able to connect to the website
> https://owa.corp.com/exchange.
> This seems to imply that ISA is correctly routing HTTPS
> packets between
> Front-end servers and the clients.
> (2) External/Internal clients: Page takes a long time to load
> and gives
> error "Could not find host or DNS error". We have verified
> that the web
> site has already been registered at the ISP.
>
>
> NLB refuses to work in Unicast mode (clients get a "Could not
> find host or
> DNS error"). After setting to Multi-cast mode clients are
> able to connect.
>
> A couple of questions regarding this:
>
> (1) Is Multicast mode (with single affinity) a supported
> configuration for
> NLB? I remember reading in communities that with Multicast
> mode, static
> ARP entries have to be added at some (Cisco) routers. Unicast
> mode, on the
> other hand, is supposed to work seamlessly with all routers.
> If this is
> the case, I cannot explain why the configuration is working
> in Multicast.
> (2) In Multicast mode, ISA servers are in a perpetual
> converging mode. Is
> this an expected behavior? We have 2 OWA servers in the
> corporate LAN also
> configured with NLB (Unicast with single affinity) but which are not
> facing any of these issues. The only difference between the
> two is that
> ISA is setup in the DMZ. Hosts in DMZ cannot ping each other
> even without
> NLB enabled.
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
Other related posts:
