Solved

ISA 2006 Multiple Internet access points

Posted on 2007-12-04
8
486 Views
Last Modified: 2010-04-21
Hi Guys

Have a customer that would like to direct access to the internet via different ADSL connections based on AD security groups.

Server
ISA2006, W2k3 SP2.

Currently I can control access to the internet via security groups.

What I believe I will need to do is install a Third Nic card in the ISA 2006 server configure it as a secondard External interface and then control access Via security groups.

I would like some advice on this or know if anyone has already configure thier system in this way. I would also like to know if they is anyway to the third nic as a rollover for the primary External Nic. Thus giving me a backup internet connection.

Thanks for your help


0
Comment
Question by:BrendanKing
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
8 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20409478
Not tried this as it is not a recommended method.  ALL users will need toi have their default gateways pointed at the ip address of the internal nic regardless of security group membership. ISA will then route traffic to the appropriate nic based on the routing table setup on the host windows operating system - Remember ISA is not a router itself, its job is to allow/block traffic that passes through its interfaces based on the routes that Windows holds.

No, you would not be able to failover a card/line that way.




0
 
LVL 19

Accepted Solution

by:
SteveH_UK earned 125 total points
ID: 20409485
ISA 2006 does not directly support multiple default routes.  You will need to look into a third party add on to make this work.

I'm not aware of one that does what you request.  There are some that will load balance multiple default routes, but not on the basis of users and groups.
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 125 total points
ID: 20409538
Just to be clear here, ISA does not know about ANY routes  - ie you do not tell ISA any routes. The routes are put into the Windows operating system via the NIC tcpip settings or Route -p ADD statements. If you removed ISA from the server, the routing would still be there on the host OS.

The only aspect ISA is interested in regarding addressing are the LAT entries that tell it which IP addresses it can expect on which NIC so that it can protect against spoofing attacks.

Windows does not support multiple default gateways therefore ISA would not be able to either. Sorry.

Keith
0
Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20409547
Thanks for the clarification, Keith :)
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20414926
Welcome :)
0
 
LVL 1

Author Closing Comment

by:BrendanKing
ID: 31412781
Hi Guys

Yes I did some more research and found that ISA does not support multiply Internet access points. I will have to find a hardware solution. Possible a router that support Ldap or Radius lookups.

Thanks for the responces.
0
 
LVL 1

Author Comment

by:BrendanKing
ID: 20415156
Hi Guys

Yes I did some more research and found that ISA does not support multiply Internet access points. I will have to find a hardware solution. Possible a router that support Ldap or Radius lookups.

Thanks for the responces.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20415331
Welcome and thanks.  However, no offence, ISA does support multiple Internet connections.

I have two different adsl connections on my home network through my ISA2006 server. I use routing to split my traffic out. For example, I run a lot of games that use the Internet to connect so I have put static routes into the windows OS with route -p add statements that send the traffic out of adsl2 but all my normal traffic goes out of adsl1.  ALL traffic arrives at ISA through the internal nic but then the routing table decides which nic the traffic will leave out of, it cannot be decided by user or by AD/Security group.

I have access rules that allow internal to external and internal to perimeter (the dmz interface that connects to my 2nd adsl).

As mentioned, it will not fail over either.....

Keith
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
BSODs from ntoskrnl.exe and fltmgr.sys 4 104
DHCP lease issue ? 8 98
Firewall attack 16 195
ACL per VPN User 12 108
Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…
Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question