Re: Use two NICs? Convince me.

  • From: Alexandre Gauthier <gauthiera@xxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 29 Aug 2005 14:25:33 -0400

One more thing, (I know replying to myself is a pretty bad habit on a
mailing list), I would like to mention that they were using ISA 2000 back
then, and relied on the LAT table to get this to work -- install was done by
using the loopback card as a temporary measure so the configuration should
be done -- now they migrated to 2004 and want to keep the same setup.

Don't give me the dirty looks, I am just trying to convince them that their
setup is crap.

-----Message d'origine-----
De : Alexandre Gauthier [mailto:gauthiera@xxxxxxxxxxxxxxxxx] 
Envoyé : 29 août 2005 14:21
À : [ISAserver.org Discussion List]
Objet : [isalist] Re: Use two NICs? Convince me.

http://www.ISAserver.org

Yes. Not supported -- but it works...

I'd like to understand why, if it is not supposed to work at all, it works?

Please someone enlighten me. It does works, I have a fine example sitting
over there.

So far my client would not be convinced, the exchange would go like this:

Me: "Well, it is not supposed to be that way."
Him: "... But it works, right?"
Me: "Well... yeah, but it says the feature is not available."
Him: "Well, it works, and has worked for the past two years."
Me: "..."

Hardly convincing...

-----Message d'origine-----
De : JimmyJoeBobAlooba [mailto:jim@xxxxxxxxxxxx] 
Envoyé : 29 août 2005 14:16
À : [ISAserver.org Discussion List]
Objet : [isalist] Re: Use two NICs? Convince me.

http://www.ISAserver.org

NOT SUPPORTED

I don't think I can be any more clear...

----- Original Message ----- 
From: "Alexandre Gauthier" <gauthiera@xxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, August 29, 2005 11:08 AM
Subject: [isalist] Re: Use two NICs? Convince me.


http://www.ISAserver.org

No, not really. I wish they were though.

Quote:

The following features are not available when ISA Server 2004 is configured
in single network adapter mode:
* IP packet filtering
* Multi-network firewall policy
* Application-level filtering
* Virtual private networking
* Server publishing
* Firewall clients


However, Firewall clients and IP packet filter seem to indeed be working.
And they have been working for years. It's not like it was set up yesterday
and I am wondering why I doesn't work...

-----Message d'origine-----
De : JimmyJoeBobAlooba [mailto:jim@xxxxxxxxxxxx]
Envoyé : 29 août 2005 14:03
À : [ISAserver.org Discussion List]
Objet : [isalist] Re: Use two NICs? Convince me.

http://www.ISAserver.org

KBs are your friend:
http://support.microsoft.com/?id=838364
http://support.microsoft.com/?id=840471

----- Original Message ----- 
From: "Alexandre Gauthier" <gauthiera@xxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, August 29, 2005 10:56 AM
Subject: [isalist] Use two NICs? Convince me.


http://www.ISAserver.org

Greetings,



Would anyone be so kind as to attempt to convince me that I *need* two
network cards in my ISA 2004 firewall over here?



(now please note that I did not design this network.)



The configuration is made like this. The servers and the local LAN share one
subnet (192.168.10.0/24) and are all behind a netscreen firewall. Somewhere
among the servers is a single nic ISA 2004 server with a gateway (the
netscreen). The client workstations use the Firewall client to connect to
the internet, for they have no gateway, and even if they did, the netscreen
is configure to only NAT out specific IPs.



So far, it works. With a few hitches, but it works. We can add filtering
rules for the client workstations, and restrict what we want.



Why should I add another card and redesign part of the network that is
already working?



(I honestly did not do such a thing. I'd redesign it, but my client is not
necessarily happy about this, and I need arguments.)



--

Alexandre Gauthier

Analyste Réseau/Network Analyst

Québec Loisirs







------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gauthiera@xxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gauthiera@xxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gauthiera@xxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 08-2005