[isalist] Re: Adding a nic isa 2006

  • From: Steven Comeau <scomeau@xxxxxxxxxxxxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 7 Nov 2010 07:17:58 -0500

No problem..... sounds a lot like our setup.  Hope I understand the issue: In 
the Configuration, make sure that we have defined networks on all the ISA boxes 
that include the subnet ranges.  In other words, on the "local" ISA box with 
the new .100.X and the .101.X, I create separate networks and add the routing 
rules (which I think you've done).  However, on the "remote" ISA box, in the 
Configuration, I also ADD the new network ranges to the remote site network (I 
don't separate them into separate networks).  The routing rules should then 
remain the same between the sites (but the addition of the network ranges 
routes to the new subnets from one site to the other).  Then, in the rules on 
the "remote" ISA (as well as the local ISA), in the Toolbox, I create separate 
User Defined Networks that have separate ranges from the other site (.100.X and 
.101.X), and then in the rules, I only pass protocols accordingly between the 
From and To.

Did that make sense?

Steve Comeau
Associate Director of IT  Rutgers Athletics
83 Rockafeller Road
Piscataway, NJ  08854
732-445-7802
732-445-4623 (fax)
www.scarletknights.com






From: Jim [mailto:jmay@xxxxxxxxxx]
Sent: Saturday, November 06, 2010 6:34 PM
To: Steven Comeau
Subject: FW: [isalist] Re: Adding a nic isa 2006

Steve,
I hope you don't mind me contacting you. Can you comment on my problem and give 
me a little insight when you get a chance?
Jim May

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim
Sent: Friday, November 05, 2010 2:56 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Adding a nic isa 2006

Jim,
Network rules for the subnet 192.168.101.0 are route.
I did not tell ISA the new NIC installation was part of the internal net; I am 
not sure how to do that. Is this setting part of the system policy?
Firewall policy rules are defined using subnets created under objects; I have a 
subnet object for each of my subnets connected to the ISA.
As far as the hosts on the two different subnets knowing about each other, 
hosts use DHCP and use the local default gateway on the connected NIC. 
192.168.100.0 uses the default gateway of the ISA NIC connected to that subnet. 
The 192.168.101.0 subnet uses the default gateway of the default address on the 
101 NIC, which happens to be 192.168.101.254. I did add the subnet interface to 
the NAT rule to external and the clients on the 192.168.101.0 network can get to 
the internet OK using the DNS server on the 192.168.100.0 subnet. Traffic seems 
to work OK from the 192.168.101.0 to the 192.168.100.0 and vice versa, but not 
from the 192.168.101.0 to any of my site to site connections. I did check my 
firewall policy rules and network rules and they are all the same.
Thanks,


James May Network Consultant
jmay@xxxxxxxxxx
PH 310.613.7699
FAX 818.827.4926
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of 
Jim Harrison [jim@xxxxxxxxxxxx]
Sent: Friday, November 05, 2010 1:49 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Adding a nic isa 2006

You didn't say how you configured ISA following the NIC installation?
Is the new NIC part of the ISA Internal network or did you assign it as part of 
a completely different ISA network?
What network rules did you create and what network relationship did you define?
Do the hosts in each network know to use the ISA as a path to each other?

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim
Sent: Friday, November 05, 2010 13:05
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Adding a nic isa 2006

Hello,
I have a multi-homed ISA 2006 box with three site to site VPN connections for 
branch locations. Yesterday I added a third NIC so I can put the students and 
staff members on different subnets. I have 35 workstations in the classroom and 
I have staff located in the same building. So staff are located on the internal 
subnet 192.168.100.0, the students on 192.168.101.0. When I connect the NIC to 
the subnet all works fine from classroom to internal and internal to classroom; 
however, I cannot seem to access my Exchange server located on one of the branch 
office subnets. I have three computers in the classroom that will need to 
access Exchange in one of the remote subnet site to site connections. Am I 
missing something here? Is ISA 2006 capable of routing from another physical 
subnet other than the default internal? Am I missing a static route? My ISA box 
has only one gateway defined on the external NIC. I have all the same rules 
created for both physical and the site to site VPN; however, the physical subnet 
cannot access anything over the VPN connections. I tried looking at the static 
routes in RRAS but when I add one for a physical interface it's looking for a 
gateway, unlike the static routes for the VPN connections. Can anyone help?
Thanks,

James May Networking
PH.310.613.7699
FAX.818.827.4926
jmay@xxxxxxxxxx
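
Added example (not part of the original thread and not code from any poster): a small Python check for the point in Steve's reply, that each ISA box on the far side of a site-to-site link must list the new subnet in the address ranges of its remote site network. The box names and the ranges they list are constructed; only 192.168.100.0 and 192.168.101.0 come from the thread, and the /24 mask is an assumption.

```python
import ipaddress

def to_span(text):
    """Parse an ISA-style 'start-end' range or a CIDR block into (first, last) ints."""
    if "-" in text:
        lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in text.split("-"))
    else:
        net = ipaddress.IPv4Network(text)
        lo, hi = int(net.network_address), int(net.broadcast_address)
    if lo > hi:
        raise ValueError(f"range is reversed: {text}")
    return lo, hi

def gaps(subnet, ranges):
    """Return the parts of `subnet` not covered by `ranges`, as 'start-end' strings."""
    cursor, hi = to_span(subnet)
    missing = []
    for r_lo, r_hi in sorted(to_span(r) for r in ranges):
        if r_hi < cursor:
            continue                      # range ends before the part still unchecked
        if r_lo > hi:
            break                         # range starts after the subnet ends
        if r_lo > cursor:
            missing.append((cursor, r_lo - 1))
        cursor = r_hi + 1
        if cursor > hi:
            break
    if cursor <= hi:
        missing.append((cursor, hi))
    return [f"{ipaddress.IPv4Address(a)}-{ipaddress.IPv4Address(b)}" for a, b in missing]

def audit(local_subnets, peer_definitions):
    """Map each peer box to the local subnets its remote site network fails to cover."""
    findings = {}
    for box, ranges in peer_definitions.items():
        for subnet in local_subnets:
            missing = gaps(subnet, ranges)
            if missing:
                findings.setdefault(box, {})[subnet] = missing
    return findings

# Subnets behind the main-site ISA box (from the thread; /24 assumed).
MAIN_SITE = ["192.168.100.0/24", "192.168.101.0/24"]

# Constructed: address ranges each branch ISA box lists for the main site's
# remote site network. The box names are hypothetical.
BRANCH_VIEW = {
    "branch-a": ["192.168.100.0-192.168.100.255"],           # new subnet never added
    "branch-b": ["192.168.100.0-192.168.101.255"],           # both subnets covered
    "branch-c": ["192.168.100.0-192.168.100.255",
                 "192.168.101.0-192.168.101.127"],            # only half of .101 added
}

if __name__ == "__main__":
    for box, subnets in audit(MAIN_SITE, BRANCH_VIEW).items():
        for subnet, missing in subnets.items():
            print(f"{box}: {subnet} not covered: {', '.join(missing)}")
```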


