1. There is no subnetting here.
2. The ISA should not be involved and normally should only have two
interfaces (one internal, one external).
3. When you have multiple networks, there needs to be a LAN Router between
them,...if you have no Router, then you can have no multiple networks. If
you are not willing to buy a LAN Router then nothing can be done that is
*reasonable* to me.
4. You then use ACLs (Access Control Lists) on the LAN Router to control
what kind of traffic is allowed between the networks.
5. Layer3&4 is *not* the only answer with security. Just because machines
can "ping" other machines on another subnet does not mean they have
access,....pinging is not access. Access means to gain resources, resources
are controlled by the Applications associated with the resources. The
Applications controlling the resources are the *primary* means of
controlling access to the resources. Operating System controls (file system
permissions) are the secondary means of access control. Network
infrastructure (Layers3&4) are the third, and *less granular*, control over
access to resources.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
"Jacob Arthur" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Ok, I have three networks that I would like to not be able to talk to each
> other, but they must all be able to talk to a central ISA server for
> internet connectivity. The ISA server only has two adapters (internal and
> external), so just connecting each one to a different adapter is not
> possible. Also, because of restrictions put into place by one of the
> higher-ups (don't ask me for an explanation, they don't make sense to me), I
> cannot assign the ISA server more than one IP address. So my question is
> this, is there a subnetting scheme that would allow the three individual
> networks (about 20 computers each) to not be able to connect to one another,
> but all be able to connect to a gateway at, say 192.168.1.1? I am terribly
> rusty on my subnetting rules and looking for a quick fix.
>
> Thanks,
> Jacob
>
>
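As an added illustration (not part of either post), the router ACL arrangement from point 4 can be modelled as a first-match rule list and audited for leaks between the three networks. The three /24 subnets, the function names and the sample hosts are assumptions constructed for this sketch; only the gateway address 192.168.1.1 comes from the question, and the rules cover only traffic entering the router from the client networks.

```python
import ipaddress
from itertools import permutations

# Gateway address taken from the question; the ISA keeps its single IP.
ISA = ipaddress.ip_network("192.168.1.1/32")
# Constructed addressing: the thread gives no subnets for the three networks.
NETS = [ipaddress.ip_network(n) for n in
        ("192.168.10.0/24", "192.168.20.0/24", "192.168.30.0/24")]
ANY = ipaddress.ip_network("0.0.0.0/0")


def build_acl():
    """Ordered (action, src, dst) rules for traffic arriving from the client
    networks. First match wins, as on a typical router ACL."""
    acl = [("permit", net, ISA) for net in NETS]                 # reach the ISA
    acl += [("deny", a, b) for a, b in permutations(NETS, 2)]    # isolate networks
    acl += [("permit", net, ANY) for net in NETS]                # Internet-bound, routed to the ISA
    return acl


def evaluate(acl, src, dst):
    """Return the action of the first rule matching src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"  # implicit deny when nothing matches


def audit(acl):
    """List every (source network, destination network) pair that the ACL
    still lets through, probing one sample host (.10) per network."""
    leaks = []
    for a, b in permutations(NETS, 2):
        if evaluate(acl, str(a[10]), str(b[10])) != "deny":
            leaks.append((str(a), str(b)))
    return leaks


if __name__ == "__main__":
    good = build_acl()
    print("leaks with correct order:", audit(good))
    # Same rules, wrong order: the broad permits now shadow the denies.
    misordered = list(reversed(good))
    print("leaks when misordered:  ", audit(misordered))
```

Running the audit against the reversed rule list shows why ordering matters: the same rules isolate nothing once the broad permits are evaluated first.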