• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Multi-WAN in front of ISA server 2006

Scheduled Pinned Locked Moved Routing and Multi WAN
1 Posts 1 Posters 2.6k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • T Offline
    Techonium
    last edited by Feb 12, 2009, 7:39 PM

    Looking for some advice using pfSense as a multi-wan router in front of an ISA 2006 server. I have been using pfsense for about a year as a multi-wan router/firewall, first with 3 DSL connections, and now with 2 DS3 connections. Each DS3 connection has its own /25 IP block. I am now getting ready to deploy an ISA server to segregate my users, internal servers, and public servers.

    I've included a basic diagram of what I am envisioning. I'm trying to figure out where to NAT, where to route, where to bridge. I'll have 6-10 Publicly accessible web servers in the DMZ. I'd like to maximize the functionality of the ISA server, including web proxy for users, and application filters for my web servers. I want to minimize the use of the pfSense box, using it primarily as a packet filtering router. It seems like using pfSense in bridge mode would be ideal, but my understanding is that it is not possible when using multi-wan.

    So, how to I make my Web servers accessible? Where do I NAT, where do I port-forward, where do I route? I just can't seem to get my head around how to set it up.

    If I NAT on the ISA box for all internal clients and servers, doesn't my ISA box need a public IP on the WAN interface? If I NAT on the pfSense box, will that reduce my filter/proxy functionality on the ISA? Do I setup VIPs for the public address of the web servers, and NAT them to the private addresses of the web servers?

    It seems like I have to do NATing on the pfSense box, if I'm going to have a private network between it and the ISA. OR can I use some of my Public IP block for that segment?

    I'm still learning both of these products, and don't have a lot of time for training. So I thank your for any advice.

    T
    ![Network Layout Basic.png](/public/imported_attachments/1/Network Layout Basic.png)
    ![Network Layout Basic.png_thumb](/public/imported_attachments/1/Network Layout Basic.png_thumb)

    1 Reply Last reply Reply Quote 0
    1 out of 1
    • First post
      1/1
      Last post
    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
      This community forum collects and processes your personal information.
      consent.not_received