You add the persistent routes to the hosts as well as ISA. -------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -------------------------------------------- -----Original Message----- From: Steve Lunn [mailto:Steve.Lunn@xxxxxxxxxxxxxxxx] Sent: Tuesday, January 24, 2006 12:09 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA2004 - Routing Question http://www.ISAserver.org Sorry Jim, It seems I failed to mention in my original message that persistent routes have already been added to the firewall. I'm trying not to have to change the default gateway on all the machines here if I can help it, but it's looking like I might have to. Regards, Steve Steve Lunn Technical Support Technician - Microsoft MCP engage Mutual Assurance DDI: 01423 855101 Fax: 01423 855181 -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: 23 January 2006 16:21 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA2004 - Routing Question http://www.ISAserver.org Why do I get the feeing we're talking about this: http://support.microsoft.com/kb/888042 ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Steve Lunn [mailto:Steve.Lunn@xxxxxxxxxxxxxxxx] Sent: Monday, January 23, 2006 07:03 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA2004 - Routing Question http://www.ISAserver.org Jim, A1) The routers are on the internal NIC A2) Quite probably, but we've never had a problem up until now. It started life as ISA was default gateway, then we got one router so set up a route on the ISA box and then the second router, and the second route was added. Never questioned it as it's always worked, until ISA 2k4. Regards, Steve Steve Lunn Technical Support Technician - Microsoft MCP engage Mutual Assurance DDI: 01423 855101 Fax: 01423 855181 -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: 23 January 2006 14:47 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA2004 - Routing Question http://www.ISAserver.org Q1 - What physical interface is connected to the routers; internal or external? The fact that you've had to create the internal-to-internal rule indicates a possible flaw in your basic routing definitions at the ISA. See Q1. -------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -------------------------------------------- -----Original Message----- From: Steve Lunn [mailto:Steve.Lunn@xxxxxxxxxxxxxxxx] Sent: Monday, January 23, 2006 6:35 AM To: [ISAserver.org Discussion List] Subject: [isalist] ISA2004 - Routing Question http://www.ISAserver.org I finally got around to installing ISA Server 2004 over the weekend, and everything seems to be running okay but with one exception. Out ISA server also acts as our default gateway, and it has two persistent routes in it that point to two routers that connect to a pair of point to point leased lines to two remote sites. I've added the IP address ranges of the two remote sites to the Internal interface of the ISA server. In order for the routing to work I've had to create a rule that allows all traffic between the internal interface and the internal interface, which works up to a point, but some connections are failing. I've run the monitor and the traffic to the remote sites shows up as a Denied Connection if I try and FTP, but ping gets through. I've tried installing the firewall client, but the ftp connection fails, but then works if I ping the destination first. The denial doesn't have any rules associated with it, and the interfaces both show up as internal, so where am I going wrong? Please Help? Regards, Steve Steve Lunn Technical Support Technician - Microsoft MCP engage Mutual Assurance DDI: 01423 855101 Fax: 01423 855181 ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: steve.lunn@xxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: steve.lunn@xxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.