Solved

ISA 2006 Multiple Internet access points

Posted on 2007-12-04
Last Modified: 2010-04-21
Hi Guys

Have a customer that would like to direct access to the internet via different ADSL connections based on AD security groups.

Server
ISA2006, W2k3 SP2.

Currently I can control access to the internet via security groups.

What I believe I will need to do is install a third NIC card in the ISA 2006 server, configure it as a secondary External interface and then control access via security groups.

I would like some advice on this or know if anyone has already configured their system in this way. I would also like to know if there is any way to use the third NIC as a rollover for the primary External NIC, thus giving me a backup internet connection.

Thanks for your help


0
Question by:BrendanKing
8 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20409478
Not tried this as it is not a recommended method. ALL users will need to have their default gateways pointed at the IP address of the internal NIC regardless of security group membership. ISA will then route traffic to the appropriate NIC based on the routing table set up on the host Windows operating system - remember ISA is not a router itself, its job is to allow/block traffic that passes through its interfaces based on the routes that Windows holds.

No, you would not be able to failover a card/line that way.




0
 
LVL 19

Accepted Solution

by:
SteveH_UK earned 125 total points
ID: 20409485
ISA 2006 does not directly support multiple default routes.  You will need to look into a third party add on to make this work.

I'm not aware of one that does what you request.  There are some that will load balance multiple default routes, but not on the basis of users and groups.
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 125 total points
ID: 20409538
Just to be clear here, ISA does not know about ANY routes - i.e. you do not tell ISA any routes. The routes are put into the Windows operating system via the NIC TCP/IP settings or Route -p ADD statements. If you removed ISA from the server, the routing would still be there on the host OS.

The only aspect ISA is interested in regarding addressing are the LAT entries that tell it which IP addresses it can expect on which NIC so that it can protect against spoofing attacks.

Windows does not support multiple default gateways therefore ISA would not be able to either. Sorry.

Keith
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20409547
Thanks for the clarification, Keith :)
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20414926
Welcome :)
0
 
LVL 1

Author Closing Comment

by:BrendanKing
ID: 31412781
Hi Guys

Yes, I did some more research and found that ISA does not support multiple Internet access points. I will have to find a hardware solution. Possibly a router that supports LDAP or RADIUS lookups.

Thanks for the responses.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20415331
Welcome and thanks.  However, no offence, ISA does support multiple Internet connections.

I have two different ADSL connections on my home network through my ISA2006 server. I use routing to split my traffic out. For example, I run a lot of games that use the Internet to connect so I have put static routes into the Windows OS with route -p add statements that send the traffic out of adsl2 but all my normal traffic goes out of adsl1. ALL traffic arrives at ISA through the internal NIC but then the routing table decides which NIC the traffic will leave out of, it cannot be decided by user or by AD/Security group.

I have access rules that allow internal to external and internal to perimeter (the DMZ interface that connects to my 2nd ADSL).

As mentioned, it will not fail over either.....

Keith
0
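
The route selection described in the answer above, as an added example that is not part of the original thread: a small Python model of how the host routing table picks the egress NIC from the destination address alone. The addresses, NIC labels, metrics, user names and group names are constructed for illustration, and the model assumes the usual selection order of longest matching prefix, then lowest metric.

```python
import ipaddress

# Constructed routing table: one default route via the first ADSL line plus
# static routes (the kind added with "route -p add") that send selected
# destinations out of the second line. Not values from the thread.
ROUTES = [
    # (destination, gateway, egress NIC, metric)
    ("0.0.0.0/0", "192.168.1.1", "adsl1", 10),       # default route
    ("198.51.100.0/24", "192.168.2.1", "adsl2", 1),  # static: a server range
    ("203.0.113.50/32", "192.168.2.1", "adsl2", 1),  # static: a single host
]


def select_route(dest_ip, routes=ROUTES):
    """Return (nic, gateway) for dest_ip: longest prefix wins, then lowest metric.

    The only input is the destination address; there is no user or group
    parameter because the routing table has no such column.
    """
    dest = ipaddress.ip_address(dest_ip)
    candidates = []
    for network, gateway, nic, metric in routes:
        net = ipaddress.ip_network(network)
        if dest in net:
            candidates.append((-net.prefixlen, metric, nic, gateway))
    if not candidates:
        raise LookupError(f"no route to {dest_ip}")
    _, _, nic, gateway = min(candidates)
    return nic, gateway


# Constructed flows: (user, AD group, destination IP).
SAMPLE_FLOWS = [
    ("alice", "Sales", "198.51.100.20"),
    ("bob", "Engineering", "198.51.100.20"),
    ("alice", "Sales", "203.0.113.10"),
    ("bob", "Engineering", "203.0.113.50"),
]


def egress_for_flows(flows):
    """Attach the egress NIC to each flow; user and group never affect it."""
    return [(user, group, dest, select_route(dest)[0]) for user, group, dest in flows]


if __name__ == "__main__":
    for row in egress_for_flows(SAMPLE_FLOWS):
        print(row)
```

Two users in different groups sending to the same destination always leave through the same NIC, which is why per-group line selection cannot be expressed in the routing table.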
