[isalist] Re: Network route issue

• From: Jim Harrison <Jim@xxxxxxxxxxxx>
• To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 12 Mar 2009 10:00:10 -0700

http://www.ISAserver.org
-------------------------------------------------------

Your stated error ("connection refused message") is not about routing.
This tells you that the host to ISA tried to reach actively refused the 
connection.
Look in the ISA logs and make sure the destination IP/port is what you intended.


JimmyJoeBob Alooba
Office 2007 on Win7 Beta




-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Andrew Hodgson
Sent: Thursday, March 12, 2009 8:59 AM
To: isalist
Subject: [isalist] Network route issue

http://www.ISAserver.org
-------------------------------------------------------
  
Hi,

I have an issue regarding network routes and ISA.

I have ISA server set up as a back firewall with one end in the DMZ 
network which is 192.168.200.0.  The Internal NIC in the ISA 
configuration is at 192.168.0.0.

The issue I have is that traffic is flowing normally through the server, 
but I am unable to reach machines in the DMZ network via the HTTP proxy 
(connection refused message).  I am also not able to reach machines on 
192.168.201.0, which is another DMZ on the front firewall.

The internal network definition is set to 192.168.0.0-192.168.200.9, 
192.168.200.11-192.168.255.255.

I created static routes on the server to send all traffic for subnets 
such as 192.168.2.0, 192.168.3.0, etc, to the default gateway on the 
internal interface, 192.168.0.1.  I want the server to reach the second 
DMZ 192.168.201.0 through the server default gateway (and thus through 
the firewall), and not the internal network, thus I didn't actually 
create a static route for this network.

Here is an ipconfig /all from the server:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : isaserver
   Primary Dns Suffix  . . . . . . . : domain.com
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.com

Ethernet adapter External Interface:
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network 
Connection #2
   Physical Address. . . . . . . . . : 00-13-72-5B-86-58
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.200.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.200.1

Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network 
Connection
   Physical Address. . . . . . . . . : 00-13-72-5B-86-57
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 
   DNS Servers . . . . . . . . . . . : 192.168.0.7
                                       192.168.1.7

Anyone got any clues on this?

Thanks.
Andrew.
--
allpay Limited, Fortis et Fides, Whitestone Business Park, Whitestone, 
Hereford, HR1 3SE.
On 6th March 2009, allpay.net Limited changed its name to allpay Limited.
Registered in England No. 02933191. UK VAT Reg. No. 666 9148 88.

Telephone: 0870 243 3434, Fax: 0870 243 6041. 
Website: www.allpay.net
Email: enquiries@xxxxxxxxxx 

This email, and any files transmitted with it, is confidential and intended 
solely for the use of the
individual  or entity to whom it is addressed. If you have received this email 
in error please notify 
the allpay.net Information Security Manager at the number above.

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 


------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

• References:
  • [isalist] Network route issue
    • From: Andrew Hodgson

Other related posts:

• » [isalist] Network route issue- Andrew Hodgson
• » [isalist] Re: Network route issue- Steve Moffat
• » [isalist] Re: Network route issue- Andrew Hodgson
• » [isalist] Re: Network route issue - Jim Harrison
• » [isalist] Re: Network route issue- Steve Moffat
• » [isalist] Re: Network route issue- Jim Harrison
• » [isalist] Re: Network route issue- Andrew Hodgson
• » [isalist] Re: Network route issue- Thomas W Shinder
• » [isalist] Re: Network route issue- Jerry Young
• » [isalist] Re: Network route issue- Andrew Hodgson

1. Home
2. isalist
3. Archive
4. 03-2009

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---