MessageHere are a couple of intial thoughts on this issue 1. You have given a quite reasonable amount of information but you are missing some critical info they may assist us a. ? What is the IP addressing scheme between the Internal NIC of the ISA External box, the External NIC of the ISA Internal box, and the external interface of the Sonicwall b. ? Can you ping to the Sonicwall, or has it been configured to drop the ping packets (I'm not sure but I believe the standard config drops ping packets as part of standard security, someone correct me if I am wrong!) c. ? The DMZ switch - what type of switch is it? Is it a stock standard switch or a intelligent one like a Entrasys Smart Switch router? Can it be configured? If it is configurable then what is the addressing scheme on each of the interfaces? Is there something in the config/rules that may prevent the packet from reaching the other port in the DMZ switch? 2. Or is this a case I'm reading too much into it! Regards, Colin Amos MCP, ESE ----- Original Message ----- From: John Tolmachoff To: [ISAserver.org Discussion List] Sent: Wednesday, November 06, 2002 10:13 AM Subject: [isalist] RE: Lat trouble http://www.ISAserver.org I think the 192.168.x.x should not be in the LAT. Maybe you need to add a static route on the Internal ISA pointing to the Sonicwall for that network. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer 701 S. Euclid La Habra, CA 91631 562-694-4800, ext. 104 jtolmachoff@xxxxxxxxxxxxxxxx www.reliancesoft.com -----Original Message----- From: Stephen Herrera [mailto:sherrera@xxxxxxxxxx] Sent: Tuesday, November 05, 2002 2:53 PM To: [ISAserver.org Discussion List] Subject: [isalist] Lat trouble http://www.ISAserver.org I have a back to back ISA server setup. I am doing some testing with Sonicwall VPN and ISA. I have my normal Lan with IPs of 10.10.x.x and have setup a Lan behind the Sonicwall with IPs of 192.168.x.x. The Sonicwall Wan connection is plugged into my DMZ switch. So it looks like this Internet || ISAExternal || || DMZ Switch || || || || ISAInternal Sonicwall || || || || Lan:10.10.x.x Lan: 192.168.x.x My problem is when I try to tracert to the 192 lan from my 10 lan instead of crossing the ISAInternal server going across the dmz it continues to go outside of the ISAExternal server. I added in an entry into the LAT on the ISAExternal server to include the 192.168.x.x thinking that would redirect traffic back to the DMZ but this did not work. Any ideas? Im sure im overlooking something simple but I have been given a fairly short deadline to get this going so I thought I would go through the list. Thanks in advance. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tori65@xxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')