Yes, that is correct. Regards, Steve Steve Lunn Technical Support Technician - Microsoft MCP engage Mutual Assurance DDI: 01423 855101 Fax: 01423 855181 ________________________________ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: 23 January 2006 15:08 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA2004 - Routing Question http://www.ISAserver.org Hi Steve, I think you're talking about the definition of the ISA firewall's default Internal Network. Right? Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls **Who is John Galt?** ________________________________ From: Steve Lunn [mailto:Steve.Lunn@xxxxxxxxxxxxxxxx] Sent: Monday, January 23, 2006 8:50 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA2004 - Routing Question http://www.ISAserver.org Thanks for the quick reply Tom. I added the addresses under the Configuration / Networks option and the Networks tab / Internal Interface. I did it because I thought that ISA server needed to know all internal address ranges especially since its acting as the default gateway (and 'cos I did it under ISA 2000 and didn't know better). Regards, Steve Steve Lunn Technical Support Technician - Microsoft MCP engage Mutual Assurance DDI: 01423 855101 Fax: 01423 855181 ________________________________ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: 23 January 2006 14:43 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA2004 - Routing Question http://www.ISAserver.org Hi Steve, How did you add an address range to an interface? And why? Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://spaces.msn.com/members/drisa/ Book: <http://tinyurl.com/3xqb7> http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?** ________________________________ From: Steve Lunn [mailto:Steve.Lunn@xxxxxxxxxxxxxxxx] Sent: Monday, January 23, 2006 8:35 AM To: [ISAserver.org Discussion List] Subject: [isalist] ISA2004 - Routing Question http://www.ISAserver.org I finally got around to installing ISA Server 2004 over the weekend, and everything seems to be running okay but with one exception. Out ISA server also acts as our default gateway, and it has two persistent routes in it that point to two routers that connect to a pair of point to point leased lines to two remote sites. I've added the IP address ranges of the two remote sites to the Internal interface of the ISA server In order for the routing to work I've had to create a rule that allows all traffic between the internal interface and the internal interface, which works up to a point, but some connections are failing. I've run the monitor and the traffic to the remote sites shows up as a Denied Connection if I try and FTP, but ping gets through. I've tried installing the firewall client, but the ftp connection fails, but then works if I ping the destination first. The denial doesn't have any rules associated with it, and the interfaces both show up as internal, so where am I going wrong? Please Help? Regards, Steve Steve Lunn Technical Support Technician - Microsoft MCP engage Mutual Assurance DDI: 01423 855101 Fax: 01423 855181 ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: steve.lunn@xxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx