Re: multiple external interfaces

  • From: "Reed, Russ" <Russ.Reed@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 1 Jul 2002 15:55:20 -0500

I would have both WAN interfaces (on the Nexland box) listen and forward smtp 
traffic (port 25) to the LAN interface (on the Nexland box). I would connect 
the external NIC on the ISA server to the LAN interface (on the Nexland box). 
Then I would publish my email server on one IP address on the outside ISA NIC. 
I am thinking server publishing would be configured as "normal". The ISA server 
would have its servers published on the "private LAN" side of the Nexland box.

-----Original Message-----
From: Jay [mailto:jschwarzkopf@xxxxxxxxxx]
Sent: Monday, July 01, 2002 3:29 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: multiple external interfaces


http://www.ISAserver.org


At that client we published E2k MAPI and SMTP, as well as OWA, https, and
Citrix Metaframe (nfuse).

I don't think you'd be able to split smtp traffic - how do you plan on
configuring server publishing for the ISA?

However, for $400 it might be worth a test.

----- Original Message -----
From: "Reed, Russ" <Russ.Reed@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, July 01, 2002 2:18 PM
Subject: [isalist] Re: multiple external interfaces


http://www.ISAserver.org


Were you publishing any servers on the ISA machine? How well did the Nexland
hand server traffic?

I am would like to have two mail server addresses (one pointing to each
WAN). Then have the Nexland box forward both sets of mail traffic to the
same ISA box. I would then publish one email server on the ISA box. Sounds
like I should be able to do this?

-----Original Message-----
From: Jay [mailto:jschwarzkopf@xxxxxxxxxx]
Sent: Monday, July 01, 2002 12:44 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: multiple external interfaces


http://www.ISAserver.org


Yes, for a short time.
We had it behind 2 Sonicwalls using different Internet connections, and in
front of an ISA server.
The only problem we had was accessing the Sonicwall admin interface -
required at least 70% load distributed to that port. (Tech support is very
responsive and they sent us newer firmware, but we never got around to
testing it). However, failover worked fine.

----- Original Message -----
From: "Reed, Russ" <Russ.Reed@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, July 01, 2002 12:46 PM
Subject: [isalist] Re: multiple external interfaces


http://www.ISAserver.org


Have you or anyone else out there tried the Nexland ProTurbo?

-----Original Message-----
From: Jay [mailto:jschwarzkopf@xxxxxxxxxx]
Sent: Saturday, June 29, 2002 10:22 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: multiple external interfaces


http://www.ISAserver.org


If you subscribe to Network Computing, or SANS, or one of a dozen other
independent security newsgroups, you'll find that LINUX security is
extremely immature, especially compared to Microsoft products (compared to
what's out there and the customer base, MS gets a bad rap).  Putting a LINUX
machine in front of
an ISA box might work in a lab, though without 3rd party software to provide
that load balancing I'm not sure what benefit you'll see.  But putting in
production won't last long without it being compromised.

There are several ways of handling this.  Jim Harrison has provided some 3rd
party options.  Nexland ProTurbo is another cheap alternative.  Or you can
ask your ISPs to provide BGP.  Or if you feel like doing a little hard work,
you can script failover and provide a semblance of load balancing (services)
without any 3rd party option.

But LINUX?

----- Original Message -----
From: "Razvan Cosma" <razvan.cosma@xxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Saturday, June 29, 2002 6:52 AM
Subject: [isalist] Re: multiple external interfaces


> http://www.ISAserver.org
>
>
> On Sat, 29 Jun 2002, LordIPX wrote:
>
> > http://www.ISAserver.org
> >
> >
> > What's the solution for multiple external interfaces under ISA?
> > I need that ;-)
> >
> Just place ISA behind a Linux machine.
>
> /me, pissed off
>
>
>
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
jschwarzkopf@xxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
russ.reed@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jschwarzkopf@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
russ.reed@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jschwarzkopf@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
russ.reed@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 07-2002