I need to plan the following configuration on ISA Server 2004:
I need to set up a secondary gateway on ISA Server, which would be used as a backup for when my primary connection is down. The second internet connection is a gentle offer from a neighbor, who has posed the condition that I don't make any changes to his network configuration other than port forwarding. (Basically: I get permission as long as everything is painless and doesn't require any configuration on his side).
- primary gateway is on an ADSL line with static IP (public)
- secondary gateway would be a connection to a wireless router, with a static IP address
- the wireless router has NAT installed and I would configure "virtual server" to forward from all ports to the internal address ISA would be listening to
- the wireless router has the internal interface set to 192.168.1.x, which happens to be the same private network I set up in my internal network
- I cannot reconfigure the wireless router, except for the port forwarding mentioned above, so I would end up with ISA server using as secondary gateway an address it considers "internal" (I understand security implications, and the fact that ISA complains about external interface in the same subnet of internal network)
- I have a third NIC ready on the server for the secondary gateway, and it would be separate from real internal network being on a different VLAN
I would like to achieve the following:
- ISA Server using the secondary gateway only as backup (configuring 'metric', right?)
- ISA Server considering, if possible, that address as a kind of 'exception', thus enforcing security even though the address is in the internal subnet
- SMTP server published through ISA should map through the secondary gateway as well (configuring MX record in DNS)
- DNS through secondary gateway as well
I could, of course, change my whole internal subnet to be 192.168.y.x, where y is not equal to 1, but I would prefer not to reconfigure the servers (I really fear what Active Directory can do...)
Does anyone know if such a configuration is possible (if not "supported"), and what kind of problems I would face?
It would also be nice (if the router of the secondary gateway permits VPN passthrough) to be able to connect to my internal network through VPN, which is configured in ISA Server.
Thanks in advance to anyone that will point me in the right direction.