Shaft0rz
asked on
ISA Server Routing between 3 ip networks - feasible?
Hi,
I'm not by any means an ISA expert. I will be in charge of setting up our new network, however. I need a reality check on the setup I'm envisioning. Is this the best way to set things up (if it works at all)?
          Internet Router
                 |
                 |
            ISA machine
              /     \
             /       \
            /         \
      Domain1         Domain2
  (192.168.1.0)   (192.168.2.0)
Each domain will have its own domain controller, and the two domains will have two-way trust relationships. I'm looking to set up ISA server to route traffic in these ways:
- From Domain1 to the internet (and vice versa; Domain1 will contain our webserver, so traffic needs to come in)
- From Domain2 to the internet (and vice-versa)
- From Domain1 to Domain2 (and vice-versa)
The ISA machine will have 3 NICs, and we'll have >3 external IP addresses to work with.
I just need to be sure that ISA server can handle this, and maybe some opinions on whether or not this is the best idea.
Thanks in advance, I really appreciate it.
ASKER
Thanks guys,
I've got my basic question answered, which of course unleashed a whole slew of others now, but I've got enough to go on. :)
ASKER
As for isolating the traffic, I think it might be necessary. We have a few hosted solutions for clients that reside on a set of servers, and will be adding more. Additionally, we will be setting up a VPN between our production servers and our main client in the future. Financial and personal information will be maintained on the production network. Also, it's a requirement (from my boss) to be able to isolate all traffic for the production network from the users network. My understanding is that to isolate all broadcast traffic, we'd need to use separate IP networks? Everything's connected by switches, too, and I'm trying to cut down on the traffic each switch is seeing.
A definite possibility would be using BSD/Linux as a router, instead of ISA.
Separating ALL IP traffic might be a little overkill, but I need to try to meet that requirement. If I have a good enough reason why it's a bad/unnecessary idea, that's fine. It might be enough to purchase some new switches, so that all production servers are on the same switch. That would cut any traffic they see down to a minimum, right?