Re: ...newcomer questions.....
- From: "Jim Scolman" <jim.scolman@xxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 25 Oct 2002 09:27:54 -0700
Good morning Jim, thanks for the clearification. But I am still not clear,
the ISA box has two interfaces, would they both plug into the switch, swC ?
I understand using the router to route between the two networks....but how
does switch C come into the picture? I have a Viso drawing of this if it
would help, it doesn't help me, I don't understand the router and switch
being in "series". Thanks for your help and patinece. Jim Scolman.
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Friday, October 25, 2002 8:09 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ...newcomer questions.....
http://www.ISAserver.org
Yes; I understood that.
A rephrase of my response is: "don't do that unless you're willing to use
RRAS LAN routing to provide for inter-subnet traffic."
ISA should not be used to provide intranet routing.
A clarification of my diagram would be:
SvrA SvrB
| |
NetA NetB
| |
SwA SwB
|----Rtr----|
|
SwC
|
ISA
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/pages/author_index.asp?aut=3
http://isatools.org
Read the help / books / articles!
----- Original Message -----
From: "Jim Scolman" <jim.scolman@xxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, October 24, 2002 2:40 PM
Subject: [isalist] Re: ...newcomer questions.....
http://www.ISAserver.org
Hi Jim, thanks for responding, perhaps my diagram was not clear, network A
and network b are connected to the ISA box, each network is connected to one
of the interfaces in the ISA box. Then each server is connected to one of
the two switch stacks. Thanks Jim Scolman
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Thursday, October 24, 2002 2:07 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ...newcomer questions.....
http://www.ISAserver.org
ISA actually makes a poor router; that's not what it was designed to do.
If you want it to serve Internet content to both of those networks, then you
should connect them as:
NetA NetB
| |
-------|---------
ISA
..if this isn't possible, install RRAS as a LAN rout on the ISA and let it
handle the NetA - NetB traffic, while ISA handles the Internet stuff.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/pages/author_index.asp?aut=3
http://isatools.org
Read the help / books / articles!
----- Original Message -----
From: "Jim Scolman" <jim.scolman@xxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, October 24, 2002 12:29 PM
Subject: [isalist] ...newcomer questions.....
http://www.ISAserver.org
This is a multi-part message in MIME format.
----------------------------------------------------------------------------
----
Hello All, I am new to the list and new to ISA server. I am an Admin with a
school district, and inherited an ISA server at one of my schools. Here is
the layout;
Workstation group A, server A
switch stack A, network A
IAS Proxy Server
switch stack B, network B
Workstation group B, server B
Network A is a "stand alone" LAN, working through switch stack A.
Network B is connected to the school district WAN via a fiber connection to
the school MDF, and T1 to the district data center.
One of the ISA server interfaces is connected to switch stack A, and the
other is connected to switch stack B. Network A can connect to the Internet
and connect to server A, but to nothing else on the "other" side of the
proxy. Network B can "see" all of the District WAN but none of LAN A. I
was told the sole purpose of installing the proxy server was to enable the
teachers on LAN A to "cut off" Internet access to workstation group A. I
have looked at the various Rules, etc on the proxy and there is a "No
Internet" rule. All of the appropriate protocol filters and rules seem to
be configured and working. TCP/IP protocols, ICMP, etc are allowed, but I
cannot ping from LAN A to the "outside". Another issue is District eMail
for the teachers on LAN A, I have researched the subject and learned that MS
Outlook will not work "thru" the Proxy. The main issue is this; if I
connect the teacher workstations to LAN B, they have eMail and access to the
district WAN but NO ACCESS to LAN A. The teacher on LAN B has access to
eMail, the district WAN AND TO LAN A! I cannot find any configuration in
the IAS that is causing this situation. Routing is not turned on in the IAS
proxy, I have experimented with is but it seems to require an IAS server on
each side of the route or tunnel. Can the IAS work as a router between
these two LANs and still offer the Internet protection required of LAN A ?
I have done much research and reading on IAS and I not been able to answer
my questions. I hope this is enough information for one of you to help.
Thanks for your patience and expertise. Sincerely Jim Scolman.
Jim Scolman
Technology Contractor
206-972-1431
jim.scolman@xxxxxxxxxxxxx
"if you can keep your head when all those around you......"
Jim Scolman
Technology Contractor
206-972-1431
jim.scolman@xxxxxxxxxxxxx
"if you can keep your head when all those around you......"
----------------------------------------------------------------------------
----
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim.scolman@xxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim.scolman@xxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
