You can do the same with either ISA or Proxy2. ISA is obviously newer
and more advanced, but use whatever you want or can afford. However,
if you use ISA you MUST study ISA first, there is a LOT to it. You
can't just whip out the CD "load 'er up & let 'er rip" or you'll be
writing newsgroup messages for the next two months trying to sort out
the mess. Topology first, software second. You said you "might" go
with VPN,...well you have to decide what you are really going to do
first, then design the system upon that.
If you go with VPN:
A. Setup a two-nic proxy (ISA or Proxy2, I don't care).
B. Setup the proxy to receive VPN calls.
C. If remote workstations connect via VPN independently & singley,
VPN callers receive an IP# from your DHCP. You could also statically
assign them as long as you reserve a series of IP#s from your system
for that purpose. Their remote workstations become part of your
subnet via the IP# of their "VPN Adapter". They put your proxy's IP#
within the "dial up" connection properties *within* the Browser's
Connection settings. They do not put proxy settings in their Browser's
Connection/LAN settings.
-- The IP# of thier NIC is irrelevant
-- Their home subnet is irrelevant.
If remote workstations connect from behind some kind of "VPN Box"
the the remote users do nothing special other than put your proxy's
IP# in their Browser's Connection/LAN settings (opposite of above).
The VPN Box will be thier default Gateway.
-- The IP# of thier NIC is still irrelevant
-- Their home subnet is still irrelevant.
--
Phillip Windell [CCNA, MVP, MCP]
WAND-TV (ABC Affiliate)
www.wandtv.com
"Ben Scaithe" <(E-Mail Removed)> wrote in message
news:#(E-Mail Removed)...
> I am only interested in if I will have a problem with the two branch
office
> users coming in on their respective routers and getting access to
the
> network server and to the Internet via the Internet router. When we
switch
> over to a faster broadband solution, we'll probably use VPN, which
to my
> knowledge means firewalling at each location. I just want to make
sure
> that, once we swap servers and before the broadband changeover, the
branch
> offices can talk to the network server, and hopefully the Internet
as well.
>
> For example, we currently have a PC at a branch office with an IP of
> 192.168.6.10, mask of 255.255.255.0, and gateway of 192.168.6.1.
Their
> router, of course, is 192.168.6.1, and it comes into the main office
hub
> through a router that has an IP of 192.168.0.2. The old server's
> hub-connected network card is at 192.168.0.200, and the Internet
> router-connected card is 192.168.10.200. The Internet router at the
main
> office has an IP of 192.168.10.1, which is the gateway setting for
both of
> the cards on the old server. With Proxy Server and WINS, these far
flung
> PCs are getting the access they need, albeit slowly. Once the new
Windows
> 2003 Server (currently with a single network card) and the Windows
XP Pro
> workstations are placed, I just need to recreate their connections
on an
> accessibility level; I will focus on security in a couple of weeks
when the
> new broadband is sorted out and implemented.
>
> The use of RRAS didn't occur to me. I haven't much experience with
it, so I
> will have to bone up in a hurry. Will I need to change the
workstation or
> router IP settings to account for RRAS usage (e.g. point to the
server's
> IP)? Does WINS need to be implemented for any reason? Anything else
I need
> to watch out for?
>
>
> "Jim Harrison [MSFT]" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > You're asking conflicting questions:
> > 1 - can ISA replace Proxy 2 and provide existing functionality:
yes
> > 2 - can you just install Windows 2003 and get the same
functionality: no.
> > 3 - will the existing network infrastructure allow you to create a
> wide-open path to/from the Internet for all concerned: maybe.
> > There's just not enough information here.
> >
> > If all you want is a wide open router, the W2K3 RRAS can
accommodate you.
> > If you want something smarter than your run-of-the-mill "hardware"
> firewall (can't help but snicker at the idea), then you want ISA.
> >
> > --
> > Jim Harrison [ISASE]
> > Read the help, books and articles!
> >
> > This posting is provided "AS IS" with no warranties, and confers
no
> rights.
> >
> >
> > "Ben Scaithe" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > I am preparing to install a new Windows 2003 server in place of an
old NT
> 4
> > PDC server. This NT server acted as the central point for all
network
> > traffic, internal and Internet:
> >
> > One network card in the old server is connected to the company's
Ethernet
> > hub. IP - 192.168.0.200, Mask - 255.255.255.0, Gateway -
192.168.10.1
> >
> > A SECOND network card in the old server is connected to an ISDN
Router
> going
> > out to the Internet. IP - 192.168.10.200, Mask 255.255.255.0,
Gateway -
> > 192.168.10.1
> >
> > The Internet ISDN Router's internal IP is 192.168.10.1
> > Furthermore, there are two other ISDN routers coming in to the hub
from
> > branch offices.
> > One comes in on 192.168.0.1
> > The other comes in on 192.168.0.2
> >
> > At the branch offices, they use 192.168.2.x and 192.168.6.x ,
> respectively,
> > as the IP scheme, with the gateway set to their router at
192.168.x.1.
> All
> > workstations at each location uses a static IP address... no DHCP.
> >
> > The old NT server is running Proxy Server 2.0, with all the
workstationsat
> > all locations (all Win95/98) running the Microsoft Proxy Client.
The
> > connection in Internet Settings of all of the workstations is
directed to
> a
> > proxy server of \\SERVER, port 80. That server also runs WINS
Server.
> This
> > means that web activity from the branches come in on their
designated
> > router, goes through Proxy Server, and back out the
Internet-connected
> > router.
> >
> > The NEW server, as mentioned, is Windows Server 2003. We are also
> replacing
> > EVERY workstation with new WinXP Pro systems.
> >
> > My question is: Will it be necessary to purchase and load ISA
Server to
> give
> > all branches full network and Internet access, or can I get away
with
> > setting the new workstations' gateway to the Internet router
> (192.168.10.1)
> > and their DNS to the providers DNS servers? We will be abandoning
the
> ISDN
> > within the next month and switching to DSL or T1, and will
probably either
> > get routers with firewall capabilities or get a hardware firewall
> solution.
> > They aren't interested in blocking particular users or Internet
services.
> > Will the network's infrastructure allow what I want to do, or am I
stuck
> > with getting ISA Server?
> >
> > Thanks to any one who can help!
> >
> >
> >
>
>
Similar Threads
Linear Mode
