[isapros] ISA Chaining
- From: "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- To: <isapros@xxxxxxxxxxxxx>
- Date: Sun, 22 Oct 2006 15:04:54 -0400
I'm going to need to chain a couple of ISA servers, I think, and need to
check if my thinking it correct before I do so. I could use a bit of
advice from those of your typically supporting larger environments.
The network is setup with 2 main hubs with a bunch of branch offices
hanging off each one. The Main Office has a T1 to the Internet. The
other hub has no Internet access except through the Main Office.
However, the hubs all have DSL or cable Internet connections. The only
firewall in the network sits between the Main Office and it's T1 to the
Internet. They completely trust the Internal network regardless of
whether the branch has its own Internet access or not.
My goals are:
Stop trusting the branch offices
Separate the web facing servers from the LAN servers
Eliminate general purpose web traffic over the T1 lines
Eventually setup VPN instead of T1 between branch offices and hubs
Current setup:
Main office (vintage checkpoint) T1 to Internet
Main office T1 to Other Hub
Main office T1 lines to branch offices
Other Hub T1 lines to branch offices
Some branch offices have Cable Internet routers and all are getting them
soon along with the Other Hub location
Proposed placement of ISA servers:
Main Office Internal Network (ISA here) - (T1 line) -- Other Main Hub of
Network with Internal facing servers only - (ISA here) -- Cable
Connection to Internet and branch offices
Main Office web servers -(T1 line) - (ISA here) - Internet and Branch
Offices
Another way of looking at it:
ISA
Web servers
ISA
Internal servers - T1 Other Hub - Internal servers - ISA - Internet and
Branches
Have I missed any ISA servers?
Amy
Other related posts:
