RE: ISA2004 - Routing Question
- From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 24 Jan 2006 06:51:01 -0800
You add the persistent routes to the hosts as well as ISA.
--------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
--------------------------------------------
-----Original Message-----
From: Steve Lunn [mailto:Steve.Lunn@xxxxxxxxxxxxxxxx]
Sent: Tuesday, January 24, 2006 12:09 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA2004 - Routing Question
http://www.ISAserver.org
Sorry Jim,
It seems I failed to mention in my original message that persistent
routes have already been added to the firewall.
I'm trying not to have to change the default gateway on all the machines
here if I can help it, but it's looking like I might have to.
Regards,
Steve
Steve Lunn
Technical Support Technician - Microsoft MCP
engage Mutual Assurance
DDI: 01423 855101 Fax: 01423 855181
-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: 23 January 2006 16:21
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA2004 - Routing Question
http://www.ISAserver.org
Why do I get the feeing we're talking about this:
http://support.microsoft.com/kb/888042
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: Steve Lunn [mailto:Steve.Lunn@xxxxxxxxxxxxxxxx]
Sent: Monday, January 23, 2006 07:03
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA2004 - Routing Question
http://www.ISAserver.org
Jim,
A1) The routers are on the internal NIC
A2) Quite probably, but we've never had a problem up until now.
It started life as ISA was default gateway, then we got one router so
set up a route on the ISA box and then the second router, and the second
route was added. Never questioned it as it's always worked, until ISA
2k4.
Regards,
Steve
Steve Lunn
Technical Support Technician - Microsoft MCP
engage Mutual Assurance
DDI: 01423 855101 Fax: 01423 855181
-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: 23 January 2006 14:47
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA2004 - Routing Question
http://www.ISAserver.org
Q1 - What physical interface is connected to the routers; internal or
external?
The fact that you've had to create the internal-to-internal rule
indicates a possible flaw in your basic routing definitions at the ISA.
See Q1.
--------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
--------------------------------------------
-----Original Message-----
From: Steve Lunn [mailto:Steve.Lunn@xxxxxxxxxxxxxxxx]
Sent: Monday, January 23, 2006 6:35 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA2004 - Routing Question
http://www.ISAserver.org
I finally got around to installing ISA Server 2004 over the weekend, and
everything seems to be running okay but with one exception.
Out ISA server also acts as our default gateway, and it has two
persistent routes in it that point to two routers that connect to a pair
of point to point leased lines to two remote sites.
I've added the IP address ranges of the two remote sites to the Internal
interface of the ISA server. In order for the routing to work I've had
to create a rule that allows all traffic between the internal interface
and the internal interface, which works up to a point, but some
connections are failing.
I've run the monitor and the traffic to the remote sites shows up as a
Denied Connection if I try and FTP, but ping gets through. I've tried
installing the firewall client, but the ftp connection fails, but then
works if I ping the destination first.
The denial doesn't have any rules associated with it, and the interfaces
both show up as internal, so where am I going wrong? Please Help?
Regards,
Steve
Steve Lunn
Technical Support Technician - Microsoft MCP
engage Mutual Assurance
DDI: 01423 855101 Fax: 01423 855181
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
steve.lunn@xxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
steve.lunn@xxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
Other related posts:
