No problem... sounds a lot like our setup. Hope I understand the issue:

In the Configuration, make sure that we have defined networks on all the ISA boxes that include the subnet ranges. In other words, on the "local" ISA box with the new .100.X and the .101.X, I create separate networks and add the routing rules (which I think you've done). However, on the "remote" ISA box, in the Configuration, I also ADD the new network ranges to the remote site network (I don't separate them into separate networks). The routing rules should then remain the same between the sites (but the addition of the network ranges routes to the new subnets from one site to the other).

Then, in the rules on the "remote" ISA (as well as the local ISA), in the Toolbox, I create separate User Defined Networks that have separate ranges from the other site (.100.X and .101.X), and then in the rules, I only pass protocols accordingly between the From and To.

Did that make sense?

Steve Comeau
Associate Director of IT
Rutgers Athletics
83 Rockafeller Road
Piscataway, NJ 08854
732-445-7802
732-445-4623 (fax)
www.scarletknights.com

From: Jim [mailto:jmay@xxxxxxxxxx]
Sent: Saturday, November 06, 2010 6:34 PM
To: Steven Comeau
Subject: FW: [isalist] Re: Adding a nic isa 2006

Steve,

I hope you don't mind me contacting you. Can you comment on my problem and give me a little insight when you get a chance?

Jim May

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim
Sent: Friday, November 05, 2010 2:56 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Adding a nic isa 2006

Jim,

Network rules for the subnet 192.168.101.0 are route. I did not tell ISA the new NIC installation was part of the internal net; not sure how to do that. Is this setting part of the system policy?
Firewall policy rules are defined using subnets created under objects. I have a subnet object for each of my subnets connected to the ISA.

As far as the hosts on the two different subnets knowing about each other, hosts use DHCP and use the local default gateway on the connected NIC. 192.168.100.0 uses the default gateway of the ISA NIC connected to that subnet. The 192.168.101.0 subnet uses the default gateway of the default address on the 101 NIC, which happens to be 192.168.101.254.

I did add the subnet interface to the NAT rule to external, and the clients on the 192.168.101.0 network can get to the internet OK using the DNS server on the 192.168.100.0 subnet. Traffic seems to work OK from the 192.168.101.0 to the 192.168.100.0 and vice versa, but not from the 192.168.101.0 to any of my site to site connections. I did check my firewall policy rules and network rules and they are all the same.

Thanks,

James May
Network Consultant
jmay@xxxxxxxxxx
PH 310.613.7699
FAX 818.827.4926

________________________________

From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison [jim@xxxxxxxxxxxx]
Sent: Friday, November 05, 2010 1:49 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Adding a nic isa 2006

You didn't say how you configured ISA following the NIC installation? Is the new NIC part of the ISA Internal network or did you assign it as part of a completely different ISA network? What network rules did you create and what network relationship did you define? Do the hosts in each network know to use the ISA as a path to each other?

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim
Sent: Friday, November 05, 2010 13:05
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Adding a nic isa 2006

Hello,

I have a multi-homed ISA 2006 box with three site to site VPN connections for branch locations. Yesterday I added a third NIC so I can put the students and staff members on different subnets.
I have 35 workstations in the classroom and I have staff located in the same building. So staff are located on the internal subnet 192.168.100.0 and the students on 192.168.101.0. When I connect the NIC to the subnet, all works fine from classroom to internal and internal to classroom; however, I cannot seem to access my Exchange server located on one of the branch office subnets. I have three computers in the classroom that will need to access Exchange in one of the remote subnet site to site connections.

Am I missing something here? Is ISA 2006 capable of routing from another physical subnet other than the default internal? Am I missing a static route? My ISA box has only one gateway defined, on the external NIC. I have all the same rules created for both physical and the site to site VPN; however, the physical subnet cannot access anything over the VPN connections. I tried looking at the static routes in RRAS, but when I add one for a physical interface it's looking for a gateway, unlike the static routes for the VPN connections.

Can anyone help?

Thanks,

James May
Networking
PH.310.613.7699
FAX.818.827.4926
jmay@xxxxxxxxxx
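
Added example, not part of any message in this thread: a consistency check for the advice in the reply at the top, that each ISA box's remote site network must include every subnet range behind the other site. The site names, the branch subnet 192.168.10.0/24 and the data layout are assumptions; the script works on hand-entered data and reads nothing from ISA.

```python
import ipaddress

# Constructed sample data (not read from ISA). For each ISA box: the subnets
# physically behind it, and the address ranges it lists for each remote site
# network. "main", "branch1" and 192.168.10.0/24 are hypothetical.
SITES = {
    "main": {
        "local": ["192.168.100.0/24", "192.168.101.0/24"],
        "remote_sites": {"branch1": [("192.168.10.0", "192.168.10.255")]},
    },
    "branch1": {
        "local": ["192.168.10.0/24"],
        # The new 192.168.101.x range was never added on the remote box.
        "remote_sites": {"main": [("192.168.100.0", "192.168.100.255")]},
    },
}


def covered(subnet, ranges):
    """True if every address in subnet falls inside the start/end ranges."""
    nets = []
    for first, last in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
    # Collapse so that adjacent ranges entered separately count as one block.
    merged = list(ipaddress.collapse_addresses(nets))
    target = ipaddress.ip_network(subnet)
    return any(target.subnet_of(block) for block in merged)


def missing_ranges(sites):
    """List (box, peer, subnet): subnet sits behind peer, but box's remote
    site network for peer does not include it."""
    findings = []
    for box, cfg in sites.items():
        for peer, ranges in cfg["remote_sites"].items():
            for subnet in sites[peer]["local"]:
                if not covered(subnet, ranges):
                    findings.append((box, peer, subnet))
    return findings


if __name__ == "__main__":
    for box, peer, subnet in missing_ranges(SITES):
        print(f"{box}: remote site network '{peer}' is missing {subnet}")
```

Each finding names the box whose remote site network definition needs the extra range; an empty list means every subnet behind each site is known to its peers.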