Netgate Discussion Forum

    Multi-WAN in front of ISA server 2006

      Techonium

      Looking for some advice using pfSense as a multi-wan router in front of an ISA 2006 server. I have been using pfSense for about a year as a multi-wan router/firewall, first with 3 DSL connections, and now with 2 DS3 connections. Each DS3 connection has its own /25 IP block. I am now getting ready to deploy an ISA server to segregate my users, internal servers, and public servers.

      I've included a basic diagram of what I am envisioning. I'm trying to figure out where to NAT, where to route, where to bridge. I'll have 6-10 Publicly accessible web servers in the DMZ. I'd like to maximize the functionality of the ISA server, including web proxy for users, and application filters for my web servers. I want to minimize the use of the pfSense box, using it primarily as a packet filtering router. It seems like using pfSense in bridge mode would be ideal, but my understanding is that it is not possible when using multi-wan.

      So, how do I make my Web servers accessible? Where do I NAT, where do I port-forward, where do I route? I just can't seem to get my head around how to set it up.

      If I NAT on the ISA box for all internal clients and servers, doesn't my ISA box need a public IP on the WAN interface? If I NAT on the pfSense box, will that reduce my filter/proxy functionality on the ISA? Do I set up VIPs for the public address of the web servers, and NAT them to the private addresses of the web servers?

      It seems like I have to do NATing on the pfSense box, if I'm going to have a private network between it and the ISA. OR can I use some of my Public IP block for that segment?

      I'm still learning both of these products, and don't have a lot of time for training. So I thank you for any advice.

      T
      ![Network Layout Basic.png](/public/imported_attachments/1/Network Layout Basic.png)
