[isalist] Re: adding a second internal network

http://www.ISAserver.org
-------------------------------------------------------

"FWX_E_NETWORK_RULES_DENIED" means either:
1. you never defined a network rule for the new network.
..or
2. the network rule you did define disallows the traffic (packet implied route, but the rule was NAT or vice versa)

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Paul Laudenslager
Sent: Saturday, February 23, 2008 11:33 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] adding a second internal network

Hi Everyone,

This ought to be simple for you gurus... It seems the more I learn, the more
I realize how much I don't know. :)

Current configuration

        ISA2K6
        (1) NIC for External Network
        (1) Internal Network    IP: 172.16.88.x - 172.16.91.x  Mask: 255.255.252.0

I created all the rules and everything is working great for the Internal
Network at this point. (web, smtp, dns, etc)

I was then tasked to add another, yet separate network.  IP: 192.168.0.x
Mask: 255.255.255.0

Added another NIC, assigned it the 192.168.0.1 address.  I can ping the
network fine from ISA.

I went into ISA and added another network called "IntraNet".  I created the
access rules for this new network the same way I created them for the
Internal Network above.

However, I can't get the traffic coming from the IntraNet clients to get out
of their own network.

For example, I'm trying to do an NSLOOKUP from an IntraNet server and
receive...

        Client IP: 192.168.0.5
        Destination IP: 12.127.16.67
        Destination Port: 53
        Protocol: DNS
        Action: Denied Connection
        Result Code: 0xc0040012 FWX_E_NETWORK_RULES_DENIED
        Source Network: IntraNet
        Destination Network: External

My first impression is that it's a routing issue and that I would need to
add a 'route' command to this machine.

However, since it is currently a production server, I thought I'd ask before
I made any modifications.

Thanks in advance for your time and comments.

-Paul L.


------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
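
An added example, not code from either poster or from ISA Server: it reads log entries in the "Field: value" layout quoted above, picks out FWX_E_NETWORK_RULES_DENIED denials, and reports which of the two causes from the reply applies to each source/destination network pair. The NETWORK_RULES table and all sample records other than the IntraNet one are constructed assumptions.

```python
import re

DENIED = "0xc0040012"  # FWX_E_NETWORK_RULES_DENIED, as in the quoted log entry

# Constructed rule table: (source network, destination network) -> relationship.
# Assumption: IntraNet was added without any network rule of its own.
NETWORK_RULES = {("Internal", "External"): "NAT"}

# Constructed sample log, same field layout as the entry in the post.
SAMPLE_LOG = """\
Client IP: 192.168.0.5
Result Code: 0xc0040012 FWX_E_NETWORK_RULES_DENIED
Source Network: IntraNet
Destination Network: External

Client IP: 172.16.88.10
Result Code: 0xc0040012 FWX_E_NETWORK_RULES_DENIED
Source Network: Internal
Destination Network: External

Client IP: 172.16.88.11
Action: Initiated Connection
Source Network: Internal
Destination Network: External
"""

def parse_records(text):
    """Split blank-line-separated 'Field: value' blocks into dicts."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        parts = (line.partition(":") for line in block.splitlines())
        rec = {k.strip(): v.strip() for k, sep, v in parts if sep}
        if rec:
            records.append(rec)
    return records

def diagnose(records, rules):
    """For each network-rule denial, name the cause to check first."""
    findings = []
    for rec in records:
        if DENIED not in rec.get("Result Code", "").lower():
            continue  # not a network-rule denial
        pair = (rec.get("Source Network"), rec.get("Destination Network"))
        relation = rules.get(pair)
        cause = ("no network rule defined" if relation is None
                 else f"rule exists ({relation}); check route vs NAT")
        findings.append((pair, rec.get("Client IP"), cause))
    return findings
```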

