Ok, I have three networks that I would like to not be able to talk to
each
other, but they must all be able to talk to a central ISA server for
internet connectivity. The ISA server only has two adapters (internal
and
external), so just connecting each one to a different adapter is not
possible. Also, because of restrictions put into place by one of the
higher-ups (don't ask me for an explanation, they don't make sense to
me), I
cannot assign the ISA server more than one IP address. So my question
is
this, is there a subnetting scheme that would allow the three
individual
networks (about 20 computers each) to not be able to connect to one
another,
but all be able to connect to a gateway at, say 192.168.1.1? I am
terribly
rusty on my subnetting rules and looking for a quick fix.

Thanks,
Jacob

In article <1147102879.946687.162330@y43g2000cwc.googlegroups .com>,
Jacob <yak2016@comcast.net> wrote:
>Ok, I have three networks that I would like to not be able to talk to each
>other, but they must all be able to talk to a central ISA server for
>internet connectivity. The ISA server only has two adapters (internal and
>external), so just connecting each one to a different adapter is not
>possible. Also, because of restrictions put into place by one of the
>higher-ups (don't ask me for an explanation, they don't make sense to me), I
>cannot assign the ISA server more than one IP address. So my question is
>this, is there a subnetting scheme that would allow the three individual
>networks (about 20 computers each) to not be able to connect to one another,
>but all be able to connect to a gateway at, say 192.168.1.1? I am terribly
>rusty on my subnetting rules and looking for a quick fix.

No, as long as the devices are on the same segment and not encapsulated
in VLANs, they can be made to talk to each other directly.

You mention ISA, which suggests you are using Windows for some or all
of the systems. Windows 2000 and XP (and possibly some earlier versions)
make it relatively easy to make this kind of cross-connection without
going through a router.

If you do not want the devices to be able to talk to each other,
drop in a firewall, router with security features, or switch with
security features.

In article <1147102879.946687.162330@y43g2000cwc.googlegroups .com>,
"Jacob" <yak2016@comcast.net> wrote:

> Ok, I have three networks that I would like to not be able to talk to
> each
> other, but they must all be able to talk to a central ISA server for
> internet connectivity. The ISA server only has two adapters (internal
> and
> external), so just connecting each one to a different adapter is not
> possible. Also, because of restrictions put into place by one of the
> higher-ups (don't ask me for an explanation, they don't make sense to
> me), I
> cannot assign the ISA server more than one IP address. So my question
> is
> this, is there a subnetting scheme that would allow the three
> individual
> networks (about 20 computers each) to not be able to connect to one
> another,
> but all be able to connect to a gateway at, say 192.168.1.1? I am
> terribly
> rusty on my subnetting rules and looking for a quick fix.

Can you install a router on your network? You need a router with at
least 3 interfaces, one for each of the subnets (you can put the ISA
server on the same segment as one of the subnets). Then configure
packet filters that block traffic between the segments unless they're
going to/from the ISA server.

--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***