Re: Routing
- From: "Souko souko" <ssouko@xxxxxxxxxxx>
- To: isalist@xxxxxxxxxxxxx
- Date: Wed, 09 Jan 2002 23:34:45 +0000
Hi Stefaan,
Thanks for working on this problem. Unfortunately I can't try this solution
right now but I'll let you know what will happen.
It's unbelievable what kind of traffic you can see using netmon!!
From: "Stefaan Pouseele" <stefaan.pouseele@xxxxxxx>
Reply-To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Subject: [isalist] Re: Routing
Date: Thu, 10 Jan 2002 00:28:37 +0100
http://www.ISAserver.org
Hi Souko and Chris,
this is indeed a weird problem and I should say I have never tried 2
internal interfaces on ISA. Theoritically it should work, but...
However, if I have more then one subnet on the internal interface I always
use a router to connect them together. The cleanest setup is to have a
router (or a layer 3 switch) with n+1 interfaces (n = number of internal
networks LAN or WAN). Each subnet sees then only one gateway (default
gateway for that subnet). In ISA, just define the necessary routes (command
'route add' with the persistent switch) to point to the 'internal' router.
Moreover, such a design have the extra benefit that ISA doesn't see that
internal traffic. That's good for the performance, but also for the
security.
Hope this helps,
Stefaan
----- Original Message -----
From: "Souko souko" <ssouko@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, January 10, 2002 12:03 AM
Subject: [isalist] Re: Routing
> http://www.ISAserver.org
>
>
>
> Hi Chris,
>
> I've got exactly the same problem. Haven't found the solution yet and
I'm
> going nuts.
>
> What I found out is that using network monitor on ISA I got the
following.
>
> 192.168.10.x network not working
> 10.101.x.x network working ok
>
> When an internal host from 192 tries eg to do a dns lookup I can see the
> request coming on ISA's internal 192 card but it isn't leaving the
external
> card to a external dns server and nothing returns.
>
> Packets from the internet follow the rules and are passed correctly to
the
> 192 network but from the 192 outwards nothing can pass. The packets seem
to
> be lost inside ISA.
>
> I don't know whats going on. I've checked the routing tables all seems
to
be
> ok.
>
> Could a solution be to use a router under ISA connect the two subnets on
the
> router and use it as the default gateway and then pass the packets to
ISA
> (would that stop ISA beeing confused?).
>
> Any help guys?
>
>
> >From: "Chris Bond" <chris@xxxxxxxxxxxxx>
> >Reply-To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> >To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> >Subject: [isalist] Routing
> >Date: Wed, 9 Jan 2002 15:26:58 -0000
> >
> >http://www.ISAserver.org
> >
> >
> >Hi,
> >
> >I have an ISA Server with 3 networks cards in, on external interface to
> >the internet. The second for subnet1 (192.168.1.x), the third for
> >subnet2 (192.168.2.x).
> >
> >At the moment from the 192.168.1.x side you can ping its own subnet1
and
> >192.168.2.x (subnet2).
> >
> >From the 192.168.2.x side you ping its own subnet2 but not 192.168.1.x
> >(subnet1).
> >
> >How can I get ISA/RRAS to route the packets on the subnet2 to subnet1?
> >
> >ISA is configured so that the external network has a gateway address of
> >our internet router, the subnet1 and subnet2 gateways are both blank.
> >
> >Can anybody shed any light to this matter?
> >
> >Kind Regards,
> >Chris Bond
> >
> >------------------------------------------------------
> >You are currently subscribed to this ISAserver.org Discussion List as:
> >ssouko@xxxxxxxxxxx
> >To unsubscribe send a blank email to leave-isalist-380967K@xxxxxxxxxxx
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at
http://explorer.msn.com/intl.asp.
>
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
stefaan.pouseele@xxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
ssouko@xxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
_________________________________________________________________
Join the world?s largest e-mail service with MSN Hotmail.
http://www.hotmail.com
Other related posts:
- » Routing
- » RE: Routing
- » RE: Routing
- » RE: Routing
- » RE: Routing
- » RE: Routing
- » RE: Routing
- » RE: Routing
- » RE: Routing
- » RE: Routing
- » RE: Routing
- » RE: Routing
- » Re: Routing
- » Re: Routing
- » Re: Routing
- » RE: Routing
- » Re: Routing
- » Routing
- » Routing
- » RE: Routing
- » RE: Routing
- » RE: Routing
- » RE: Routing
- » RE: Routing
- » RE: Routing
- » Routing
- » RE: Routing
- » RE: Routing
- » RE: Routing
- » RE: Routing
- » RE: Routing
- » RE: Routing
- » Routing?
- » Re: Routing?
- » RE: Routing?
- » RE: Routing?
- » Re: Routing?
- » Re: Routing?
- » Re: Routing?
- » RE: Routing?
- » Re: Routing?
- » Re: Routing?
- » Re: Routing?
- » Re: Routing?
- » Re: Routing?
- » Routing
- » Routing
From: "Stefaan Pouseele" <stefaan.pouseele@xxxxxxx> Reply-To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Subject: [isalist] Re: Routing Date: Thu, 10 Jan 2002 00:28:37 +0100
http://www.ISAserver.org
Hi Souko and Chris,
this is indeed a weird problem and I should say I have never tried 2 internal interfaces on ISA. Theoritically it should work, but...
However, if I have more then one subnet on the internal interface I always use a router to connect them together. The cleanest setup is to have a router (or a layer 3 switch) with n+1 interfaces (n = number of internal networks LAN or WAN). Each subnet sees then only one gateway (default gateway for that subnet). In ISA, just define the necessary routes (command 'route add' with the persistent switch) to point to the 'internal' router.
Moreover, such a design have the extra benefit that ISA doesn't see that internal traffic. That's good for the performance, but also for the security.
Hope this helps, Stefaan
----- Original Message ----- From: "Souko souko" <ssouko@xxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, January 10, 2002 12:03 AM Subject: [isalist] Re: Routing
> http://www.ISAserver.org
>
>
>
> Hi Chris,
>
> I've got exactly the same problem. Haven't found the solution yet and I'm
> going nuts.
>
> What I found out is that using network monitor on ISA I got the following.
>
> 192.168.10.x network not working
> 10.101.x.x network working ok
>
> When an internal host from 192 tries eg to do a dns lookup I can see the
> request coming on ISA's internal 192 card but it isn't leaving the
external
> card to a external dns server and nothing returns.
>
> Packets from the internet follow the rules and are passed correctly to the
> 192 network but from the 192 outwards nothing can pass. The packets seem
to
> be lost inside ISA.
>
> I don't know whats going on. I've checked the routing tables all seems to
be
> ok.
>
> Could a solution be to use a router under ISA connect the two subnets on
the
> router and use it as the default gateway and then pass the packets to ISA
> (would that stop ISA beeing confused?).
>
> Any help guys?
>
>
> >From: "Chris Bond" <chris@xxxxxxxxxxxxx>
> >Reply-To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> >To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> >Subject: [isalist] Routing
> >Date: Wed, 9 Jan 2002 15:26:58 -0000
> >
> >http://www.ISAserver.org
> >
> >
> >Hi,
> >
> >I have an ISA Server with 3 networks cards in, on external interface to
> >the internet. The second for subnet1 (192.168.1.x), the third for
> >subnet2 (192.168.2.x).
> >
> >At the moment from the 192.168.1.x side you can ping its own subnet1 and
> >192.168.2.x (subnet2).
> >
> >From the 192.168.2.x side you ping its own subnet2 but not 192.168.1.x
> >(subnet1).
> >
> >How can I get ISA/RRAS to route the packets on the subnet2 to subnet1?
> >
> >ISA is configured so that the external network has a gateway address of
> >our internet router, the subnet1 and subnet2 gateways are both blank.
> >
> >Can anybody shed any light to this matter?
> >
> >Kind Regards,
> >Chris Bond
> >
> >------------------------------------------------------
> >You are currently subscribed to this ISAserver.org Discussion List as:
> >ssouko@xxxxxxxxxxx
> >To unsubscribe send a blank email to leave-isalist-380967K@xxxxxxxxxxx
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at
http://explorer.msn.com/intl.asp.
>
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
stefaan.pouseele@xxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: ssouko@xxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')