RE: Interesting ISA Problem

• From: Glenn Maks <gmaks@xxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Fri, 31 Oct 2003 08:33:42 -0500

Sure - with any Network INterface Card you have at least ONE Primary IP
address, and you can also add additional IP addresses to the Interface as
well, what I discovered was this, My original published MX server that was
behind my Old Raptor Firewall had an IP address of 64.80.200.9, when I built
my ISA server to replace the Rpator firewall, I assigned the External
Interface the IP address of 64.80.200.250, then I moved my public MX server
off of the DMZ of my Raptor Firewall and onto the DMZ of my new ISA server,
keeping the same Published DNS IP address of my MX server which was
64.80.200.9, I simply added that IP address as a secondary address to the
External interface of ISA, thinking everything was going to migrate
smoothly, what I discovered was this, out bound mail was delivered but the
return trip got lost, until I actually changed the Primary IP address of ISA
from 64.80.200.250 to 64.80.200.9. Now here is where it gets interesting, I
also run 4 Layer 2 VPN tunnels through my ISA server which connect other
offices, well, of course this broke the Tunnels until I modified all the
Packet filters and changed the Tunnel end point IP addresses in RRAS to
match the new ISA public IP address of 64.80.200.9. Everything seems to be
working, except now my Public DNS Server has a different address and the
same Got Cha
applies when I attempted to publish my DNS server on my ISA's DMZ. even
though the I have the public IP address of my DNS server added as a
secondary.

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, October 30, 2003 7:48 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Interesting ISA Problem


http://www.ISAserver.org

Hi Glenn,
 
Outbound mail will always leave through the default IP address.
 
I'm not exactly sure what the problem is that you're trying to explain here.
Can you get it another try?
 
Thanks!
Tom
www.isaserver.org/shinder <http://www.isaserver.org/shinder> 
 

  _____  

From: Glenn Maks [mailto:gmaks@xxxxxxxxx] 
Sent: Thursday, October 30, 2003 3:36 PM
To: [ISAserver.org Discussion List]
Cc: jim@xxxxxxxxxxxx
Subject: [isalist] Interesting ISA Problem
Importance: High


http://www.ISAserver.org


Ok - I solved my publishing DNS issue, I decided to run DNS on my ISA server
and have that serve as my SOA for all my public name spaces, but here is
something I discovered, both with publishing my MX server and playing around
with publishing DNS Servers.

I have on my External NIC one primary IP address and several additional IP
addresses for other services like web sites and FTP sites and so on, I
discovered that no matter

what services I pass through ISA it will not work unless I use the Primary
IP address. Let me explain, My Public MX server was living behind my old
firewall, in the process of migrating services over and replacing my OLD
firewall with ISA, I moved the MX server behind my ISA server, I took the
Public IP address for the MX server and added it as an additional IP address
to the External Interface of ISA, then I published the MX server, I found
that mail could be delivered but the return trip got lost, it was not until
I changed

the Primary IP address of the ISA server to the Original IP address the MX
server was known as, did the mail come back to me. ? Same as the DNS issue I
had, running DNS
on my ISA server and having it listen on all interfaces one would think it
would work even though the IP address of the SOA server is NOT the primary
IP address of the ISA External Interface. I hope I was clear in my
explanation.  Any Takers on this one ??

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gmaks@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

Other related posts:

• » Interesting ISA Problem
• » Interesting ISA Problem
• » RE: Interesting ISA Problem
• » RE: Interesting ISA Problem
• » RE: Interesting ISA Problem
• » RE: Interesting ISA Problem
• » RE: Interesting ISA Problem
• » RE: Interesting ISA Problem
• » RE: Interesting ISA Problem
• » Re: Interesting ISA Problem

1. Home
2. isalist
3. Archive
4. 10-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---