I could probably come up with something. I've never set up a router before, though. _____ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Tuesday, September 28, 2004 12:30 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Network-within-network problem on ISA 2004 appears solved http://www.ISAserver.org Hi Rob, There MUST be a better solution than that. Isn't there a router on the premises that can take care of this? Tom www.isaserver.org/shinder <http://www.isaserver.org/shinder> Get the book! Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls -----Original Message----- From: Rob Moore [mailto:RMoore@xxxxxxxx] Sent: Tuesday, September 28, 2004 11:01 AM To: [ISAserver.org Discussion List] Subject: [isalist] Network-within-network problem on ISA 2004 appears solved http://www.ISAserver.org Hello everyone-- I've sent the list several emails on the network-within-a-network issue, and corresponded with Tom Shinder both on and off the list on this topic. I've been tearing my hair out over it for several weeks now. It finally occurred to me that I could probably get this solved fairly quickly by calling Microsoft PSS, which is what I did this morning. It was a fairly cheap route to get this problem solved, and now I can actually start putting ISA 2004 into production! Anyway, I think there are many of you out there with network configurations similar to what I've got. So I'm guessing some of you might like to hear about the solution. Here it is. I have an internal 172.17.x.x network. I also have roughly 35 192.168.x.x networks that are all physically remote, but network-wise they are internal: they all go through a third party firewall/VPN device to connect to the home network. So here at the home site, we have had two firewalls: ISA 2000 and IPCop (the third party device). With the addition of static routes on the ISA 2000 server pointing to the IPCop firewall, everything worked fine on ISA 2000. It didn't work so well with ISA 2004--communications between the remote subnets and the home office subnet were quirky at best, non-existent at worst. The solution was quite simple: every server in the 172.17.x.x subnet needs to have persistent static routes added for all the 35 remote subnets, all the 172.17.x.x workstations that need to communicate with the remote subnets also need these same persistent static routes, and for good measure I added a static route to each of the remote servers to tell them how to get to the 172.17.x.x subnet. It's been a few hours and all my communication woes are solved, at least for now! Keeping my fingers crossed, Rob ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rmoore@xxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx