ISA and new ISP

ISA and new ISP

Post by RGF2Z » Fri, 29 Sep 2006 23:30:01


Hello,
My company is getting a new T1 line to replace an older connection. With the
new line will come new IP addresses. Our configuration is a site to site
network from ISA2004 in US to ISA2004 in Canada. The hope is to be able to
make the switch with as little disruption as possible. I was thinking of
approaching it this way;

Using the existing T connection I would remote to the Canada ISA and add a
new site to site network to US using the new IP addresses for the US site.
Leaving the existing site to site configuration alone (no IP changes are
happening in Canada). The idea being to make the changes now while I have
certain connectivity to the remote ISA. I would then make the configuration
changes on the US ISA using the new IP addresses to replace the existing
configuration. I then switch the connection to the new T and the Canada
server should be ready to connect to US via the newly created site to site.
Is this a practical way to approach this? Is there a better way to prepare
the remote (Canada) connection for the changes to the US ISA? Any suggestions
would be appreciated. thanks
 
 
 

ISA and new ISP

Post by Phillip Wi » Sat, 30 Sep 2006 08:31:23

Sounds like it may work, I don't know.

If it were me I would never allow there to be an "unmanned" ISA to start
with. There would always have to be a "human" at the location that knew what
they were doing,...or at least knew enough that I could talk them through
things on the phone.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

 
 
 

ISA and new ISP

Post by SmVyZW15X0 » Sat, 30 Sep 2006 11:02:02

It may work, however you should setup either an out of band connection
(dialup to that network) or possibly something like a sonicwall 170 that you
could give an external IP to and VPN into that network to work on the ISA
from the private side of the network in the event your external connnection
was unaccessable. However it sounds like you don't have that ability to get
something like that setup prior to your change.


--
MCP, MCSA, MCSE+Security, CEH, CCA