RE: Lat trouble
- From: "Colin Amos" <tori65@xxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 6 Nov 2002 19:37:47 +1100
MessageHere are a couple of intial thoughts on this issue
1. You have given a quite reasonable amount of information but you are missing
some critical info they may assist us
a. ? What is the IP addressing scheme between the Internal NIC of the ISA
External box, the External NIC of the ISA Internal box, and the external
interface of the Sonicwall
b. ? Can you ping to the Sonicwall, or has it been configured to drop the
ping packets (I'm not sure but I believe the standard config drops ping packets
as part of standard security, someone correct me if I am wrong!)
c. ? The DMZ switch - what type of switch is it? Is it a stock standard
switch or a intelligent one like a Entrasys Smart Switch router? Can it be
configured? If it is configurable then what is the addressing scheme on each
of the interfaces? Is there something in the config/rules that may prevent the
packet from reaching the other port in the DMZ switch?
2. Or is this a case I'm reading too much into it!
Regards,
Colin Amos MCP, ESE
----- Original Message -----
From: John Tolmachoff
To: [ISAserver.org Discussion List]
Sent: Wednesday, November 06, 2002 10:13 AM
Subject: [isalist] RE: Lat trouble
http://www.ISAserver.org
I think the 192.168.x.x should not be in the LAT. Maybe you need to add a
static route on the Internal ISA pointing to the Sonicwall for that network.
John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
701 S. Euclid
La Habra, CA 91631
562-694-4800, ext. 104
jtolmachoff@xxxxxxxxxxxxxxxx
www.reliancesoft.com
-----Original Message-----
From: Stephen Herrera [mailto:sherrera@xxxxxxxxxx]
Sent: Tuesday, November 05, 2002 2:53 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Lat trouble
http://www.ISAserver.org
I have a back to back ISA server setup. I am doing some testing with
Sonicwall VPN and ISA. I have my normal Lan with IPs of 10.10.x.x and have
setup a Lan behind the Sonicwall with IPs of 192.168.x.x. The Sonicwall Wan
connection is plugged into my DMZ switch. So it looks like this
Internet
||
ISAExternal
||
||
DMZ Switch
|| ||
|| ||
ISAInternal Sonicwall
|| ||
|| ||
Lan:10.10.x.x Lan: 192.168.x.x
My problem is when I try to tracert to the 192 lan from my 10 lan instead of
crossing the ISAInternal server going across the dmz it continues to go outside
of the ISAExternal server. I added in an entry into the LAT on the ISAExternal
server to include the 192.168.x.x thinking that would redirect traffic back to
the DMZ but this did not work. Any ideas? Im sure im overlooking something
simple but I have been given a fairly short deadline to get this going so I
thought I would go through the list. Thanks in advance.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tori65@xxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts: