| Author |
Message |
Bob
Guest
|
 Posted:
Fri Oct 21, 2005 12:50 am Post subject:
Dumb ISA server question regarding printing |
|
|
Customer has three locations, a main office and two branch offices. Branch
office 1 has only one computer and one printer . The main location has about
50 users - small LAN, branch office 2 has a half a dozen or so, also on a
small LAN.
The principal requirement fiunctional is that users at the main office can
send a print job to any of the printers located at any of the two offsite
locations from within an application running on their desktop and that users
at any of the two field offices can send a print job to any other field
office printer or any main office printer.
We are now thinking of installing an ISA server 2004 at the main office and
implement a VPN. To print as described above, do we also need to install an
ISA server at the site that has a small LAN? I know we can print now (we're
doing it without a VPN) to all sites, however I wonder if a VPN changes
anything in this regard.
I think the answer is probably no and I don't need to install a second ISA
server at branch office 2, but before I stick my neck out with a definite
recommendation I would like to be sure.
Any help and a short explnation would be greatly appreciated.
Bob |
|
| Back to top |
|
 |
Phillip Windell
Guest
|
| Posted:
Fri Oct 21, 2005 8:50 pm Post subject:
Re: Dumb ISA server question regarding printing |
|
|
"Bob" <bdufour@sgiims.com> wrote in message
news:OyNhMFc1FHA.1108@TK2MSFTNGP14.phx.gbl...
| Quote: | We are now thinking of installing an ISA server 2004 at the main office
and
implement a VPN. To print as described above, do we also need to install
an
ISA server at the site that has a small LAN? I know we can print now
(we're
doing it without a VPN) to all sites, however I wonder if a VPN changes
anything in this regard.
|
Impossible to answer. You have never indicated by what means these networks
connect to each other now. There is a huge difference between doing it over
private lease lines with RFC Private IP#s or over the Public Internet with
all machine using Public IP# or by running NAT Devices at each site so they
use private IP#s and use VPN to jump the NAT Devices. You could easily
already have a very bad design that is "unworkable" and will have to be
totally restructured.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
----------------------------------------------------- |
|
| Back to top |
|
|
Neteng
Guest
|
| Posted:
Sat Oct 22, 2005 12:50 am Post subject:
Re: Dumb ISA server question regarding printing |
|
|
It sounds like your doing internet printing. If you want lan to lan
communications via a VPN you will need a VPN tunnel terminating device at
each end. It may/may not change the ways things work, most likely it will. I
don't work with MS VPN much but with a Cisco you have to setup policy
routing when you do a static NAT and VPN. I don't know if MS can handle this
or if you just want to run everything over the tunnel.
"Bob" <bdufour@sgiims.com> wrote in message
news:OyNhMFc1FHA.1108@TK2MSFTNGP14.phx.gbl...
| Quote: | Customer has three locations, a main office and two branch offices. Branch
office 1 has only one computer and one printer . The main location has
about
50 users - small LAN, branch office 2 has a half a dozen or so, also on a
small LAN.
The principal requirement fiunctional is that users at the main office can
send a print job to any of the printers located at any of the two offsite
locations from within an application running on their desktop and that
users
at any of the two field offices can send a print job to any other field
office printer or any main office printer.
We are now thinking of installing an ISA server 2004 at the main office
and
implement a VPN. To print as described above, do we also need to install
an
ISA server at the site that has a small LAN? I know we can print now
(we're
doing it without a VPN) to all sites, however I wonder if a VPN changes
anything in this regard.
I think the answer is probably no and I don't need to install a second ISA
server at branch office 2, but before I stick my neck out with a definite
recommendation I would like to be sure.
Any help and a short explnation would be greatly appreciated.
Bob
|
|
|
| Back to top |
|
|
Bob
Guest
|
| Posted:
Sat Oct 22, 2005 12:50 am Post subject:
Re: Dumb ISA server question regarding printing |
|
|
Phillip, Thanks for your answer. I should have realized I needed to be more
specific on current setup
Main Office is running behind a watchguard Connected to the internet. It has
a public IP and all internal machines have private IPS (192.168.1.X).
There's a domain with a DC and a BDC on W2k servers, also running AD. We're
connecting to branch 2 via public Internet going out thru the firewall using
a cable modem connection and home office has fixed public IP, branch 2 is on
an ADSL line, with a fixed Public Ip and machine and printer are on private
IP Natted (range 192.168.1.X)
We're connecting to branch 1 from home office only for now, from one of our
switches(hubs) at Home office to a Gandalf router connected to dedicated
ISDN lines, always open ( its not long distance) home network side of home
Gandalf has a private IP, Public fixed IP and same at branch 1 (Gandalf) to
hub to computers with private Ip address range (192.168.1.X). As I think of
them (and I may be wrong) I consider the route accross the Gandalfs in the
same way as I would a simple cable between a two switches except that its
slower. In practical terms I notice that I can't have duplicatre private IP
adresses at home office and at branch 1, and I don't think that that's good.
I think they should get away from using ISDN and switch over to ADSL (cable
is not available at branch 1, nor is any other high speed connection at
least at a reasonable price for a small co.) I would think of setting up the
branch 1 office behind a watchguard router with a fixed public IP and
private internal IP's for the computers and printers there. A couple of
years back they had ADSL installed but the owner did not want to give up the
ISDN's untill it was proven to him that the ADSL would work reliably.
Unfortunately, at that time it was not satisfactory (not my fault, we didn't
do that install, the service provider did and screwed it up). So not sure if
we can get him to move away from ISDN, I doubt it.
One of the problems is that they have a Unix box that prints to branch 1
from a Unix prog we don't control, but we know it goes over the ISDN wires.
I don't know how that Unix printing would be affected by moving to ADSL and
a VPN. That's just one of the things I'm trying to get a handle on without
any collaboration from the guys who installed the program. Oh well.
In any case Phillip, thanks for taking the time to answer. If you have any
other insights I would realy appreciate them.
Bob
"Phillip Windell" <@.> wrote in message
news:%23oX1izn1FHA.556@TK2MSFTNGP12.phx.gbl...
| Quote: |
"Bob" <bdufour@sgiims.com> wrote in message
news:OyNhMFc1FHA.1108@TK2MSFTNGP14.phx.gbl...
We are now thinking of installing an ISA server 2004 at the main office
and
implement a VPN. To print as described above, do we also need to install
an
ISA server at the site that has a small LAN? I know we can print now
(we're
doing it without a VPN) to all sites, however I wonder if a VPN changes
anything in this regard.
Impossible to answer. You have never indicated by what means these
networks
connect to each other now. There is a huge difference between doing it
over
private lease lines with RFC Private IP#s or over the Public Internet with
all machine using Public IP# or by running NAT Devices at each site so
they
use private IP#s and use VPN to jump the NAT Devices. You could easily
already have a very bad design that is "unworkable" and will have to be
totally restructured.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------
|
|
|
| Back to top |
|
|
Phillip Windell
Guest
|
| Posted:
Mon Oct 24, 2005 8:50 pm Post subject:
Re: Dumb ISA server question regarding printing |
|
|
"Bob" <bdufour@sgiims.com> wrote in message
news:%233H2Nso1FHA.2076@TK2MSFTNGP14.phx.gbl...
| Quote: | and same at branch 1 (Gandalf) to
hub to computers with private Ip address range (192.168.1.X). As I think
of
them (and I may be wrong) I consider the route accross the Gandalfs in the
same way as I would a simple cable between a two switches except that its
slower.
|
That would be accuarte.
| Quote: | In practical terms I notice that I can't have duplicatre private IP
adresses at home office and at branch 1, and I don't think that that's
good. |
That is correct, you cannot. Also if both sides use the same subnet block
of addresses then the private link is a "bridged connection",...if they are
using different subnet blocks then it is a "routed connection".
| Quote: | I think they should get away from using ISDN and switch over to ADSL
(cable
is not available at branch 1, nor is any other high speed connection at
least at a reasonable price for a small co.) I would think of setting up
the
branch 1 office behind a watchguard router with a fixed public IP and
private internal IP's for the computers and printers there. A couple of
|
You could do that, but you need to consider that ADSL (unlike Synchonous
DSL) runs slower on the "upload" side,...and with VPN,...everything is an
"upload" as far as the hardware is concerned. So the VPN will "sync" at the
slower upload speed of the DSL. Even a 2 mbps ADSL may only run at 256k
upload speed,...and VPN itself has more "protocol overhead" and is less
efficient than the "straight" TCP/IP communication you already have,...so in
the end you could find yourself running even slower than you are already
going.
| Quote: | One of the problems is that they have a Unix box that prints to branch 1
from a Unix prog we don't control, but we know it goes over the ISDN
wires.
I don't know how that Unix printing would be affected by moving to ADSL
and
a VPN.
|
As long as the Printer's IP# does not change and the new topology of the LAN
accounts for the new "routing" path,..the Unix box won't know the
difference.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
----------------------------------------------------- |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in