http://www.ISAserver.org ------------------------------------------------------- Your stated error ("connection refused message") is not about routing. This tells you that the host to ISA tried to reach actively refused the connection. Look in the ISA logs and make sure the destination IP/port is what you intended. JimmyJoeBob Alooba Office 2007 on Win7 Beta -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew Hodgson Sent: Thursday, March 12, 2009 8:59 AM To: isalist Subject: [isalist] Network route issue http://www.ISAserver.org ------------------------------------------------------- Hi, I have an issue regarding network routes and ISA. I have ISA server set up as a back firewall with one end in the DMZ network which is 192.168.200.0. The Internal NIC in the ISA configuration is at 192.168.0.0. The issue I have is that traffic is flowing normally through the server, but I am unable to reach machines in the DMZ network via the HTTP proxy (connection refused message). I am also not able to reach machines on 192.168.201.0, which is another DMZ on the front firewall. The internal network definition is set to 192.168.0.0-192.168.200.9, 192.168.200.11-192.168.255.255. I created static routes on the server to send all traffic for subnets such as 192.168.2.0, 192.168.3.0, etc, to the default gateway on the internal interface, 192.168.0.1. I want the server to reach the second DMZ 192.168.201.0 through the server default gateway (and thus through the firewall), and not the internal network, thus I didn't actually create a static route for this network. Here is an ipconfig /all from the server: Windows IP Configuration Host Name . . . . . . . . . . . . : isaserver Primary Dns Suffix . . . . . . . : domain.com Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : Yes WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : domain.com Ethernet adapter External Interface: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #2 Physical Address. . . . . . . . . : 00-13-72-5B-86-58 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.200.10 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.200.1 Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection Physical Address. . . . . . . . . : 00-13-72-5B-86-57 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.0.10 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : DNS Servers . . . . . . . . . . . : 192.168.0.7 192.168.1.7 Anyone got any clues on this? Thanks. Andrew. -- allpay Limited, Fortis et Fides, Whitestone Business Park, Whitestone, Hereford, HR1 3SE. On 6th March 2009, allpay.net Limited changed its name to allpay Limited. Registered in England No. 02933191. UK VAT Reg. No. 666 9148 88. Telephone: 0870 243 3434, Fax: 0870 243 6041. Website: www.allpay.net Email: enquiries@xxxxxxxxxx This email, and any files transmitted with it, is confidential and intended solely for the use of the individual or entity to whom it is addressed. If you have received this email in error please notify the allpay.net Information Security Manager at the number above. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx