Re: NAT + ISA
Save yourself a bunch of trouble and straighten up your topology. Run the
ISA with two external facing Nics. Run both the Fiber and the DSL directly
into the ISA. Whichever Nic has the Default Gateway (choose only one) will
be the default "path" to the internet. The Second path can only be used for
*specified* destinations as arranged in the OS's Routing Table.

The SQL service on the ISA will be accessed by whichever IP# (with
accompanying line) that is associated with the Name they use when resolved
by DNS. ISA can "publish" the SQL Service to either IP# or both IP#s. ISA
would also be "publishing" the Website from the LAN to one of the ISA's
external side IP#s.

[Fiber 88.255.136.x]     [DSL 85.105.106.x]
              \             /
               \           /
        ----------[ISA/SQL]--------
                     |
                     |
            <LAN 192.168.35.x>??
     [Webserver on Lan 192.168.35.203]

Note: Before you ask,...No, you can *not* do load balancing or fail-over
with the two lines by using ISA. That requires a commercial quality Router
with Dynamic Routing Protocols and is usually a cooperative effort involving
both you and the ISP. The Router would be upstream of the ISA and the ISA
would use the traditional two-nic setup. Like this:

[Fiber 88.255.136.x]     [DSL 85.105.106.x]
              \             /
               \           /
     --[Load Balance Router (no NAT)]--
                     |
              <New IP segment>
                     |
                   [ISA]
                     |
            <LAN 192.168.35.x>??
     [Webserver on Lan 192.168.35.203]

--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
"Nime" <nime@yes.no> wrote in message
news:ecZ7CRr5HHA.2752@TK2MSFTNGP06.phx.gbl...
> No, SQL is a domain controller and someone did config. it as well.
>
> "Mathieu CHATEAU" <gollum123@free.fr> wrote in message
> news:Oar5pId5HHA.3940@TK2MSFTNGP05.phx.gbl...
>> so you installed ISA 2004 (2006) but didn't config it ?
>>
>> --
>> Cordialement,
>> Mathieu CHATEAU
>> http://lordoftheping.blogspot.com
>>
>>
>> "Nime" <nime@yes.no> wrote in message
>> news:63BBB2F3-DF9E-4903-87D0-75AC7DE3F03A@microsoft.com...
>>> Mathieu, here are my trace route results at SQL, as you see
>>> I can connect from SQL to WEB on both interfaces.
>>>
>>> #### WEB'S EXTERNAL IP TEST
>>> C:\Documents and Settings\Administrator>tracert 88.255.136.42
>>>
>>> En fazla 30 atlamanin üstünde
>>> WEB [88.255.136.42]'ye izleme yolu :
>>>
>>> 1 3 ms <1 ms <1 ms WEB [88.255.136.42]
>>>
>>> Izleme tamamlandi.
>>>
>>> #### WEB'S INTERNAL IP TEST
>>>
>>> C:\Documents and Settings\Administrator>tracert 192.168.35.203
>>>
>>> En fazla 30 atlamanin üstünde
>>> WEB [192.168.35.203]'ye izleme yolu :
>>>
>>> 1 <1 ms <1 ms <1 ms WEB [192.168.35.203]
>>>
>>> Izleme tamamlandi.
>>>
>>>
>>> What do you mean by ISA config? I didn't config. it so that's
>>> why I'm here : )
>>>
>>> ----- Original Message -----
>>> From: "Mathieu CHATEAU" <gollum123@free.fr>
>>> Newsgroups:
>>> microsoft.public.windows.server.general,microsoft.public.windows.server.networking,microsoft.public.windows.networking.firewall
>>> Sent: Thursday, August 23, 2007 11:16 PM
>>> Subject: Re: NAT + ISA
>>>
>>>
>>>> he shouldn't have to since he is using nat.
>>>> SQL should see connection from the WEB IP (NAT) and so answer to him.
>>>>
>>>> From this schema, the SQL can't reach the fiber network because
>>>> it's only
>>>> linked to the second nic of the web server.
>>>>
>>>> Nime, how did you configure ISA ?
>>>>
>>>> --
>>>> Cordialement,
>>>> Mathieu CHATEAU
>>>> http://lordoftheping.blogspot.com
>>>>
>>>>
>>>> "johnboy007" <johnboy007@discussions.microsoft.com> wrote in message
>>>> news:6DBD1AD5-A94B-4428-B152-148A58520CC8@microsoft.com...
>>>>> Your problem is that the default gateway of the SQL seems to be the
>>>>> DSL
>>>>> line
>>>>> it should be the fibre optic, chances are the users are connecting but
>>>>> the
>>>>> outbound traffic is going another route so you NEVER get a reply.
>>>>> There are
>>>>> quite a few settings that you need to do depending on the setup. Send
>>>>> the IP
>>>>> addresses (with gateways) and the route table on the ISA (route print)
>>>>> is the
>>>>> ISA handling all the outbound traffic?
>>>>>
>>>>> "Nime" wrote:
>>>>>
>>>>>> Hi, my network map is below.
>>>>>>
>>>>>>
>>>>>>
>>>>>> PROBLEM: I want people to connect the SQL server through our
>>>>>> new
>>>>>> metro/fiber line.
>>>>>> At the moment they connect the SQL server over slow DSL line.
>>>>>>
>>>>>> I've enabled NAT on WEB machine. Port mapping works successfully.
>>>>>> However people
>>>>>> cannot connect the SQL server through fiber line. Instead, they
>>>>>> connect over DSL line.
>>>>>>
>>>>>> From the WEB machine, I can telnet SQL on default port 1433. Below
>>>>>> is the command line:
>>>>>> C:\> TELNET 192.168.35.210 1433
>>>>>>
>>>>>>
>>>>>> NAT Properties for public interface of WEB
>>>>>> Service: TCP
>>>>>> Incoming port: 1433
>>>>>> Private Address: 192.168.35.210
>>>>>> Outgoing port: 1433
>>>>>>
>>>>>> I've tested it at http://whatsmyip.org/ports/ with port 1433 and
>>>>>> got
>>>>>> a timeout error.
>>>>>> It has given me a clue, I think ISA server causes a problem, I'm not
>>>>>> sure. If I use
>>>>>> other port number which one is not in use, I receive "connection
>>>>>> refused" error
>>>>>> instead of "timeout".
>>>>>>
>>>>>>
>>>>>> Do you know what can be the problem and of course, any solution?
>>>>>>
>>>>>> Thanks
>>>>
>>>
>>
>
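
The route selection described at the top of this reply (one default gateway, the second line usable only for specified destinations), sketched as an added example that is not part of the original thread. The Fiber and DSL prefixes are replaced with documentation ranges, and the /24 masks, gateway addresses and client addresses are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple

class Route(NamedTuple):
    net: ipaddress.IPv4Network
    gateway: str   # "on-link" for directly attached networks
    nic: str
    metric: int

def route(net, gateway, nic, metric=10):
    return Route(ipaddress.ip_network(net), gateway, nic, metric)

# Constructed table for the dual-homed ISA. 198.51.100.0/24 stands in for the
# Fiber segment and 203.0.113.0/24 for the DSL segment (assumed stand-ins).
BASE_TABLE = [
    route("198.51.100.0/24", "on-link", "Fiber"),
    route("203.0.113.0/24", "on-link", "DSL"),
    route("192.168.35.0/24", "on-link", "LAN"),
    route("0.0.0.0/0", "203.0.113.1", "DSL"),  # the single default gateway
]

def select_route(table, dest):
    """Longest-prefix match; the lowest metric breaks ties."""
    addr = ipaddress.ip_address(dest)
    candidates = [r for r in table if addr in r.net]
    if not candidates:
        raise LookupError(f"no route to {dest}")
    return max(candidates, key=lambda r: (r.net.prefixlen, -r.metric))

def egress_nic(table, dest):
    return select_route(table, dest).nic

# Constructed remote SQL client network whose traffic should use the Fiber.
PARTNER_NET, PARTNER_HOST = "192.0.2.0/24", "192.0.2.50"
OTHER_HOST = "8.8.8.8"  # any other Internet destination

# A "specified destination": static route for that network via the Fiber gateway.
TABLE_WITH_STATIC = BASE_TABLE + [route(PARTNER_NET, "198.51.100.1", "Fiber")]

if __name__ == "__main__":
    for name, table in (("default only", BASE_TABLE),
                        ("with static route", TABLE_WITH_STATIC)):
        for dest in (PARTNER_HOST, OTHER_HOST, "192.168.35.203"):
            r = select_route(table, dest)
            print(f"{name:18} {dest:15} -> {r.nic:5} via {r.gateway}")
```

With only the default route, replies to the remote client leave on the DSL NIC even if the client connected to the Fiber address; the static route moves that one network to the Fiber while everything else still follows the default gateway.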