RE: Is this the right way to add these "internal" networks
- From: "Steve Moffat" <steve@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- To: "Isa Weblist" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 19 Aug 2004 23:19:37 +0100
It's through an ipsec vpn....site to site
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Thursday, August 19, 2004 8:56 AM
To: Isa Weblist
Subject: [isalist] RE: Is this the right way to add these "internal"
networks
http://www.ISAserver.org
Hi Steve,
Could be an unsupported scenario. If you're trying to get Firewall
clients working behind the two-bit non-ISA firewall, its a strong
indication that an upgrade is needed.
Tom
www.isaserver.org/shinder <http://www.isaserver.org/shinder>
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxxxxxxxxxxxxx]
Sent: Thursday, August 19, 2004 4:35 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Is this the right way to add these
"internal" networks
http://www.ISAserver.org
done all that...doesn't work...bummer
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, August 18, 2004 8:03 PM
To: Isa Weblist
Subject: [isalist] RE: Is this the right way to add these
"internal" networks
http://www.ISAserver.org
Hi Steve,
Should matter what side of the link the Firewall client is on,
since it just points to the internal interface of the ISA firewall.
However, since the firewall client doesn't use the LAT anymore, it can
be a bit tricky or not work at all. Might try a locallat.txt and see how
that works for you.
Tom
________________________________
From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxxxxxxxxxxxxx]
Sent: Wednesday, August 18, 2004 5:54 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Is this the right way to add these
"internal" networks
http://www.ISAserver.org
Tom
How do you get the fw client to work at the other end of a site
to site vpn?? ISA2k4 and Linksys vpn endpoint?
Steve
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, August 18, 2004 10:30 AM
To: Isa Weblist
Subject: [isalist] RE: Is this the right way to add these
"internal" networks
http://www.ISAserver.org
Hi Rob,
Is this the "network within a network scenario" discussed in the
help file? If so, I've got a big section on this issue in chapter 4 of
the book. A lot of people are running into this problem and its sort of
interesting once you bring the Firewall client into the mix :-))
Tom
www.isaserver.org/shinder <http://www.isaserver.org/shinder>
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
-----Original Message-----
From: Rob Moore [mailto:RMoore@xxxxxxxx]
Sent: Wednesday, August 18, 2004 8:22 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Is this the right way to add these
"internal" networks
http://www.ISAserver.org
Good morning--
My network consists of one main network (172.17.200.0)
which is connected to a bunch of remote networks (192.168.x.x) through
VPNs maintained by IPCop firewalls. The IPCop (freeware) firewalls all
VPN back to the home office, here, to another IPCop firewall which is on
the 172.17.200.0 network.
On my previous firewalls (ISA 2000 and something called
WinRoutePro) all I had to do was create static routes to a given
network, indicating that the internal IPCop firewall should be the
gateway for these sites and voila, traffic flowed. After struggling with
this on ISA 2004 for a while this morning I've come up with two
additional necessary steps: 1. I have to add the various 192.168.x.x
networks to the Internal network; and 2. To ping or RDP to those remote
networks I have to create a firewall access rule that allows pinging and
RDPing from the Internal Network to All Protected Networks. (I suppose
I'll have to set up similar rules for the other traffic, such as SMTP
and HTTP, that goes between the home site and the remote sites?)
Is this the "right" way to do this? Is there a better,
more secure way?
Thanks,
Rob
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking:
http://www.windowsnetworking.com
Leading Network Software Directory:
http://www.serverfiles.com
No.1 Exchange Server Resource Site:
http://www.msexchange.org
Windows Security Resource Site:
http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: steve@xxxxxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
________________________________
This E-Mail is confidential. It is not intended to be read,
copied, disclosed or used by any person other than the recipient named
above.
Unauthorised use, disclosure, or copying is strictly prohibited
and may be unlawful. Optimum IT Solutions disclaims any liability for
any action taken in connection of this E-Mail. The comments or
statements expressed in this E-Mail are not necessarily those of Optimum
IT Solutions or its subsidiaries or affiliates.
administrator@xxxxxxxxxxxxxxxxxxxxxxxxxx
<mailto:administrator@xxxxxxxxxxxxxxxxxxxxxxxxxx>
________________________________
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: steve@xxxxxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
steve@xxxxxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
