Can you forward me chapter 4? ;-)

I'll check out that section of the help file.

R.

_____

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, August 18, 2004 9:30 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Is this the right way to add these "internal" networks

http://www.ISAserver.org

Hi Rob,

Is this the "network within a network scenario" discussed in the help file? If so, I've got a big section on this issue in chapter 4 of the book. A lot of people are running into this problem and it's sort of interesting once you bring the Firewall client into the mix :-))

Tom
www.isaserver.org/shinder
Get the book! Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

-----Original Message-----
From: Rob Moore [mailto:RMoore@xxxxxxxx]
Sent: Wednesday, August 18, 2004 8:22 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Is this the right way to add these "internal" networks

Good morning--

My network consists of one main network (172.17.200.0) which is connected to a bunch of remote networks (192.168.x.x) through VPNs maintained by IPCop firewalls. The IPCop (freeware) firewalls all VPN back to the home office, here, to another IPCop firewall which is on the 172.17.200.0 network.

On my previous firewalls (ISA 2000 and something called WinRoutePro) all I had to do was create static routes to a given network, indicating that the internal IPCop firewall should be the gateway for these sites and voila, traffic flowed.

After struggling with this on ISA 2004 for a while this morning I've come up with two additional necessary steps:

1. I have to add the various 192.168.x.x networks to the Internal network; and
2. To ping or RDP to those remote networks I have to create a firewall access rule that allows pinging and RDPing from the Internal Network to All Protected Networks.

(I suppose I'll have to set up similar rules for the other traffic, such as SMTP and HTTP, that goes between the home site and the remote sites?)

Is this the "right" way to do this? Is there a better, more secure way?

Thanks,
Rob

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------