Re: Routing

  • From: "Stefaan Pouseele" <stefaan.pouseele@xxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 10 Jan 2002 00:28:37 +0100

Hi Souko and Chris,

This is indeed a weird problem and I should say I have never tried 2
internal interfaces on ISA. Theoretically it should work, but...

However, if I have more than one subnet on the internal interface I always
use a router to connect them together. The cleanest setup is to have a
router (or a layer 3 switch) with n+1 interfaces (n = number of internal
networks LAN or WAN). Each subnet sees then only one gateway (default
gateway for that subnet). In ISA, just define the necessary routes (command
'route add' with the persistent switch) to point to the 'internal' router.

Moreover, such a design has the extra benefit that ISA doesn't see that
internal traffic. That's good for the performance, but also for the
security.

Hope this helps,
Stefaan

----- Original Message -----
From: "Souko souko" <ssouko@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, January 10, 2002 12:03 AM
Subject: [isalist] Re: Routing


> Hi Chris,
>
> I've got exactly the same problem. Haven't found the solution yet and I'm
> going nuts.
>
> What I found out is that using network monitor on ISA I got the following.
>
> 192.168.10.x network not working
> 10.101.x.x network working ok
>
> When an internal host from 192 tries e.g. to do a dns lookup I can see the
> request coming on ISA's internal 192 card but it isn't leaving the external
> card to an external dns server and nothing returns.
>
> Packets from the internet follow the rules and are passed correctly to the
> 192 network but from the 192 outwards nothing can pass. The packets seem to
> be lost inside ISA.
>
> I don't know what's going on. I've checked the routing tables, all seems to
> be ok.
>
> Could a solution be to use a router under ISA, connect the two subnets on the
> router and use it as the default gateway and then pass the packets to ISA
> (would that stop ISA being confused?).
>
> Any help guys?
>
>
> >From: "Chris Bond" <chris@xxxxxxxxxxxxx>
> >Reply-To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> >To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> >Subject: [isalist] Routing
> >Date: Wed, 9 Jan 2002 15:26:58 -0000
> >
> >Hi,
> >
> >I have an ISA Server with 3 network cards in, one external interface to
> >the internet.  The second for subnet1 (192.168.1.x), the third for
> >subnet2 (192.168.2.x).
> >
> >At the moment from the 192.168.1.x side you can ping its own subnet1 and
> >192.168.2.x (subnet2).
> >
> >From the 192.168.2.x side you ping its own subnet2 but not 192.168.1.x
> >(subnet1).
> >
> >How can I get ISA/RRAS to route the packets on the subnet2 to subnet1?
> >
> >ISA is configured so that the external network has a gateway address of
> >our internet router, the subnet1 and subnet2 gateways are both blank.
> >
> >Can anybody shed any light to this matter?
> >
> >Kind Regards,
> >Chris Bond



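The design Stefaan describes (one internal router, with ISA holding a persistent route per internal subnet) can be checked before it is deployed; the following is an added example, not part of the original thread. It models ISA's routing table with longest-prefix matching and reports any internal subnet whose traffic would fall through to the default route on the external side. The subnets are the ones from Chris's post; the transit subnet, the router address and the external gateway are assumptions.

```python
import ipaddress

# 192.168.1.0/24 and 192.168.2.0/24 come from the thread. Everything else
# below is a constructed value for illustration.
INTERNAL_SUBNETS = ["192.168.1.0/24", "192.168.2.0/24"]
TRANSIT_SUBNET = "192.168.0.0/24"   # assumed: segment between ISA and the router
INTERNAL_ROUTER = "192.168.0.254"   # assumed: the 'internal' router
EXTERNAL_GATEWAY = "203.0.113.1"    # assumed: Internet router (documentation range)

def build_table(routed_subnets):
    """ISA's table: default route, connected transit subnet, one route per subnet."""
    table = [(ipaddress.ip_network("0.0.0.0/0"), EXTERNAL_GATEWAY),
             (ipaddress.ip_network(TRANSIT_SUBNET), "on-link")]
    table += [(ipaddress.ip_network(s), INTERNAL_ROUTER) for s in routed_subnets]
    return table

def next_hop(table, dest):
    """Pick the gateway by longest-prefix match, as the IP stack does."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, gw) for net, gw in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def leaking_subnets(table):
    """Internal subnets that would be sent to the external default gateway."""
    leaks = []
    for s in INTERNAL_SUBNETS:
        net = ipaddress.ip_network(s)
        probes = [net.network_address + 1, net.broadcast_address - 1]
        if any(next_hop(table, str(p)) != INTERNAL_ROUTER for p in probes):
            leaks.append(s)
    return leaks

def route_commands(subnets):
    """The 'route add' lines with the persistent switch (-p) for ISA."""
    cmds = []
    for s in subnets:
        net = ipaddress.ip_network(s)
        cmds.append(f"route -p add {net.network_address} mask {net.netmask} {INTERNAL_ROUTER}")
    return cmds

if __name__ == "__main__":
    complete = build_table(INTERNAL_SUBNETS)
    incomplete = build_table(INTERNAL_SUBNETS[:1])   # route for subnet2 forgotten
    print("complete table leaks:  ", leaking_subnets(complete))
    print("incomplete table leaks:", leaking_subnets(incomplete))
    print("\n".join(route_commands(INTERNAL_SUBNETS)))
```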