[isalist] ISA Server 2006 - Perimeter <-> Internal Intradomain Communication

  • From: "Jerry Young" <jerrygyoungii@xxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx, isapros@xxxxxxxxxxxxx
  • Date: Fri, 22 Aug 2008 08:12:56 -0400

All,

I'm trying to enable intradomain communication between the perimeter and
internal networks in my virtual environment.

The basic topology of the environment looks like the following:

     Corporate Network (treating as ISA external)
                   |
              .---------.
              |   ISA   | --- Perimeter Network (treating as ISA perimeter)
              '---------'
                   |
     Internal Network (treating as ISA internal)

The Corporate Network is the corporate internal network, which I am using to
simulate the "Internet".

I followed the documented procedures at the following link (thanks again,
Tom!) to facilitate this communication.

http://www.isaserver.org/tutorials/Configuring-Domain-Members-Back-to-Back-ISA-Firewall-DMZ-Part2.html

However, the server that I have in the perimeter network is not able to
query the DC for DNS that I have in the internal network.  Below are the log
entries and by the look of it, this appears to be a network rule issue as
opposed to a firewall rule issue.

10.3.0.40 - UDP - - - 8/22/2008 11:53:05 AM 1031 0 0 0 0x0 0x0 - 8/22/2008 7:53:05 AM 10.3.0.40 10.2.0.20 53 DNS Denied Connection 0xc0040012 FWX_E_NETWORK_RULES_DENIED Perimeter Internal - HVW2K3ISA01 Firewall
10.3.0.40 - UDP - - - 8/22/2008 11:53:07 AM 1032 0 0 0 0x0 0x0 - 8/22/2008 7:53:07 AM 10.3.0.40 10.2.0.20 53 DNS Denied Connection 0xc0040012 FWX_E_NETWORK_RULES_DENIED Perimeter Internal - HVW2K3ISA01 Firewall

The Internal Network Element in ISA has the range 10.2.0.0 -
10.2.0.255 defined.  The Perimeter Network Element in ISA has the range
10.3.0.0 - 10.3.0.255 defined.

The Network Rule is listed as rule 4 and has a routing relationship between the
source network Perimeter and the destination network Internal.

Any thoughts on what I am missing?
-- 
Cordially yours,
Jerry G. Young II
Microsoft Certified Systems Engineer
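
Added example, not part of the original post: a Python triage of the two log entries quoted above. It undoes the mail wrapping, counts denials by result name, and checks that each entry's logged source and destination networks agree with the address ranges given in the post. The field order in the regular expression is an assumption inferred from those two entries, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Address ranges of the two ISA network elements, as stated in the post.
NETWORKS = {"Internal": ("10.2.0.0", "10.2.0.255"), "Perimeter": ("10.3.0.0", "10.3.0.255")}

# Log text copied from the post; each entry was wrapped over several lines.
SAMPLE_LOG = """\
10.3.0.40    -  UDP - -      -    8/22/2008 11:53:05
AM 1031 0 0 0 0x0 0x0 - 8/22/2008 7:53:05 AM 10.3.0.40 10.2.0.20 53 DNS Denied
Connection  0xc0040012
FWX_E_NETWORK_RULES_DENIED   Perimeter Internal - HVW2K3ISA01 Firewall
10.3.0.40    -  UDP - -      -    8/22/2008 11:53:07
AM 1032 0 0 0 0x0 0x0 - 8/22/2008 7:53:07 AM 10.3.0.40 10.2.0.20 53 DNS Denied
Connection  0xc0040012
FWX_E_NETWORK_RULES_DENIED   Perimeter Internal - HVW2K3ISA01 Firewall
"""

# Assumed field order (inferred from the two entries above, not a documented format).
ENTRY = re.compile(
    r"(?P<src>\d+\.\d+\.\d+\.\d+) (?P<dst>\d+\.\d+\.\d+\.\d+) (?P<port>\d+) "
    r"(?P<proto>\S+) (?P<action>\w+ Connection) (?P<code>0x[0-9a-fA-F]+) "
    r"(?P<result>FWX_\w+) (?P<src_net>\S+) (?P<dst_net>\S+)"
)

def network_of(ip):
    """Return the name of the network element whose range contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, (low, high) in NETWORKS.items():
        if ipaddress.ip_address(low) <= addr <= ipaddress.ip_address(high):
            return name
    return None

def parse_entries(text):
    """Collapse the wrapped lines to single spaces, then extract each entry's fields."""
    flat = " ".join(text.split())
    return [m.groupdict() for m in ENTRY.finditer(flat)]

def triage(entries):
    """Count denials per result name; list entries whose logged networks contradict the ranges."""
    by_result = Counter(e["result"] for e in entries if e["action"].startswith("Denied"))
    mismatched = [e for e in entries
                  if (network_of(e["src"]), network_of(e["dst"])) != (e["src_net"], e["dst_net"])]
    return by_result, mismatched

if __name__ == "__main__":
    counts, mismatched = triage(parse_entries(SAMPLE_LOG))
    print(dict(counts), "entries with mismatched networks:", len(mismatched))
```

An empty mismatch list means the firewall placed both addresses in the networks the stated ranges predict.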
