RE: Lat trouble

  • From: "Colin Amos" <tori65@xxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 6 Nov 2002 19:37:47 +1100

MessageHere are a couple of intial thoughts on this issue

1. You have given a quite reasonable amount of information but you are missing 
some critical info they may assist us
    a. ? What is the IP addressing scheme between the Internal NIC of the ISA 
External box, the External NIC of the ISA Internal box, and the external 
interface of the Sonicwall
    b. ? Can you ping to the Sonicwall, or has it been configured to drop the 
ping packets (I'm not sure but I believe the standard config drops ping packets 
as part of standard security, someone correct me if I am wrong!)
    c. ? The DMZ switch - what type of switch is it?  Is it a stock standard 
switch or a intelligent one like a Entrasys Smart Switch router? Can it be 
configured?  If it is configurable then what is the addressing scheme on each 
of the interfaces? Is there something in the config/rules that may prevent the 
packet from reaching the other port in the DMZ switch?

2. Or is this a case I'm reading too much into it!

Regards, 
Colin Amos   MCP, ESE 


----- Original Message ----- 
  From: John Tolmachoff 
  To: [ISAserver.org Discussion List] 
  Sent: Wednesday, November 06, 2002 10:13 AM
  Subject: [isalist] RE: Lat trouble


  http://www.ISAserver.org


  I think the 192.168.x.x should not be in the LAT. Maybe you need to add a 
static route on the Internal ISA pointing to the Sonicwall for that network.



  John Tolmachoff  MCSE, CSSA

  IT Manager, Network Engineer

  701 S. Euclid

  La Habra, CA  91631

  562-694-4800, ext. 104

  jtolmachoff@xxxxxxxxxxxxxxxx

  www.reliancesoft.com





  -----Original Message-----
  From: Stephen Herrera [mailto:sherrera@xxxxxxxxxx] 
  Sent: Tuesday, November 05, 2002 2:53 PM
  To: [ISAserver.org Discussion List]
  Subject: [isalist] Lat trouble



  http://www.ISAserver.org

  I have a back to back ISA server setup. I am doing some testing with 
Sonicwall VPN and ISA. I have my normal Lan with IPs of 10.10.x.x and have 
setup a Lan behind the Sonicwall with IPs of 192.168.x.x. The Sonicwall Wan 
connection is plugged into my DMZ switch. So it looks like this



        Internet

                          ||

    ISAExternal

              ||

              ||

  DMZ Switch

              ||                       ||

              ||                       ||

  ISAInternal             Sonicwall

              ||                       ||

              ||                       ||

  Lan:10.10.x.x    Lan: 192.168.x.x





  My problem is when I try to tracert to the 192 lan from my 10 lan instead of 
crossing the ISAInternal server going across the dmz it continues to go outside 
of the ISAExternal server. I added in an entry into the LAT on the ISAExternal 
server to include the 192.168.x.x thinking that would redirect traffic back to 
the DMZ but this did not work. Any ideas? Im sure im overlooking something 
simple but I have been given a fairly short deadline to get this going so I 
thought I would go through the list. Thanks in advance.

  ------------------------------------------------------
  List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
  ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
  ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
  ------------------------------------------------------
  Exchange Server Resource Site: http://www.msexchange.org/
  Windows Security Resource Site: http://www.windowsecurity.com/
  Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
  ------------------------------------------------------
  You are currently subscribed to this ISAserver.org Discussion List as: 
isalist@xxxxxxxxxxxx
  To unsubscribe send a blank email to $subst('Email.Unsub') 

  ------------------------------------------------------
  List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
  ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
  ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
  ------------------------------------------------------
  Exchange Server Resource Site: http://www.msexchange.org/
  Windows Security Resource Site: http://www.windowsecurity.com/
  Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
  ------------------------------------------------------
  You are currently subscribed to this ISAserver.org Discussion List as: 
tori65@xxxxxxxxxxxxxxxx
  To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 11-2002