Hi Thomas,

Inline as well.

Joseph

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Saturday, September 25, 2004 1:27 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Multihomed Computer

http://www.ISAserver.org

Hi Joseph,

Inline...

Tom
www.isaserver.org/shinder
Get the book! Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

-----Original Message-----
From: josephk [mailto:josephk@xxxxxxxxx]
Sent: Saturday, September 25, 2004 9:54 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Multihomed Computer

http://www.ISAserver.org

Hi Thomas,

Yup, it's me asking questions! I'm discovering that with ISA 2004 "ROUTE ADD'S" might not be needed. Is this true?

**TOM: You still need to add routes for networks the ISA firewall isn't aware of. So, for all networks that the ISA firewall isn't directly connected to, there must be a route added to reach that network. Note that you don't need to do this if you are publishing resources behind the back-end ISA firewall, because you are forwarding to the address on the external interface of the back-end ISA firewall, which is on a network that the front-end ISA firewall is directly connected to, so there is no routing involved here.

I've been reading the docs about setting up subnets and such and your VPN in a back to back setup, where you had used 10, 172, 192 and 192 as another subnet. I'm looking where ISA sets up the process to allow you to ping all those nics. Switch 1, for example, has 172.0.0.1 from the multihomed machine and 172.0.0.2 from a different machine. When on 172.0.0.2 I'm unable to ping the 172.0.0.1 machine.

**TOM: What machines are plugged into this switch? What machines are represented by these two addresses?

>>Joseph: My switch has the nic from the backend ISA BOX 172.0.0.1 and the DNS server which is 172.0.0.2

I've learned a lot this week about ISA 2004 from the groups and reading. Just did not have enough time to spend on getting this new network in place before I fly tomorrow. Guess I'll have to live with old setup until I get back :(.

**TOM: Life and networks are processes with no destination, they're always a work in progress :-)

>>Joseph: I'm learning that one! Big time. When writing the applications for them you need to know more. However, "the more I know the less I know. Anonymous person"

So with this article: http://www.isaserver.org/articles/2004multdmzp2.html what "ROUTE ADD'S" would be used? It also seems that the route function within ISA is different than "ROUTE ADD'S". I did not really want to set up lots of "ROUTE ADD'S" unless it was necessary. I have my *.cmd file ready to apply or remove the entries when I get just one machine pinging.

**TOM: The only route adds you would need to do would be on the front-end ISA firewall. And you would only use them IF there is a route relationship between the honeypot DMZ and one of the back-end networks. If you're using NAT between the back-end networks, then there is no need for a route ADD.

HTH,
Tom

>>Joseph: No I'm doing the honey pot setup. I like that idea. And the backend firewall has the 4 nics in it. Like the article. As I read more, all is beginning to make more sense. I sometimes like to see the diagrams and charts in order to make sense of what I see written. So, I'm making charts based on the questions and answers I receive on this issue. I'll send it to you when I get the network in this form set up. Still trying to get the VPN up by tomorrow 6:30 AM pac have to leave for airport and will be on client site for 3 weeks.

Thank you,
Joseph

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
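
The rule given in the replies above (a static route on the front-end firewall only for networks it is not directly connected to, and only where the relationship is route rather than NAT) can be checked mechanically. This is an added example, not part of the original thread or of ISA Server; the function name, the tuple layout and every address are constructed for illustration.

```python
import ipaddress

def route_adds(connected, remote_networks):
    """Return the Windows `route ADD` commands a front-end firewall needs.

    connected: CIDR strings for networks the firewall has a NIC on.
    remote_networks: (cidr, relationship, next_hop) tuples, where
    relationship is "route" or "nat" as seen from the front-end firewall.
    """
    local = [ipaddress.ip_network(c) for c in connected]
    commands = []
    for cidr, relationship, next_hop in remote_networks:
        net = ipaddress.ip_network(cidr)
        if any(net.subnet_of(l) for l in local):
            continue  # directly connected: the firewall already knows it
        if relationship == "nat":
            continue  # hidden behind the back-end external address
        if relationship != "route":
            raise ValueError(f"unknown relationship {relationship!r} for {net}")
        hop = ipaddress.ip_address(next_hop)
        # A gateway the firewall cannot reach directly makes the route useless.
        if not any(hop in l for l in local):
            raise ValueError(f"next hop {hop} for {net} is not on a connected network")
        commands.append(f"route -p ADD {net.network_address} MASK {net.netmask} {hop}")
    return commands

# Constructed sample topology (assumed addresses, not taken from the thread).
FRONT_END_CONNECTED = ["192.0.2.0/24", "10.0.0.0/24"]  # external, DMZ to back-end
BACK_END_EXTERNAL = "10.0.0.2"                         # back-end firewall, DMZ side
REMOTE = [
    ("10.0.0.0/24", "route", BACK_END_EXTERNAL),     # directly connected
    ("172.16.0.0/24", "route", BACK_END_EXTERNAL),   # routed back-end network
    ("192.168.1.0/24", "nat", BACK_END_EXTERNAL),    # NATed back-end network
]

if __name__ == "__main__":
    for cmd in route_adds(FRONT_END_CONNECTED, REMOTE):
        print(cmd)
```
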