RE: Network-within-network problem on ISA 2004 appears solved

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 28 Sep 2004 11:58:04 -0500

Rob,

Since the VPN networks are behind the ISA firewall (on their ISA
firewall's Internal network), putting a router in between the
ISA firewall and all the networks allows you to configure the routing
table on the ISA firewall and provide the appropriate gateway address
that routes back to those networks. I've done it and it works.


Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
-----Original Message-----
From: Rob Moore [mailto:RMoore@xxxxxxxx] 
Sent: Tuesday, September 28, 2004 11:50 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Network-within-network problem on ISA 2004
appears solved


http://www.ISAserver.org

Would a router help? With ISA 2000, simply having all the static routes
defined on that box was enough. Having them defined on the ISA 2004 box
was not enough--it seems that the ISA 2004 server intercepts traffic
headed for these remote subnets, even though they're defined as part of
the internal network. Would a router stop the traffic destined for the
remote subnets from going to the ISA 2004 box at all? I guess I'd put
the router right in front of the ISA 2004 box? (I told you I've never
configured a router before.)

Rob




From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Tuesday, September 28, 2004 12:30 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Network-within-network problem on ISA 2004
appears solved



Hi Rob,

There MUST be a better solution than that. Isn't there a router on the
premises that can take care of this?

Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
-----Original Message-----
From: Rob Moore [mailto:RMoore@xxxxxxxx] 
Sent: Tuesday, September 28, 2004 11:01 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Network-within-network problem on ISA 2004 appears
solved



Hello everyone--

I've sent the list several emails on the network-within-a-network issue,
and corresponded with Tom Shinder both on and off the list on this
topic. I've been tearing my hair out over it for several weeks now. It
finally occurred to me that I could probably get this solved fairly
quickly by calling Microsoft PSS, which is what I did this morning. It
was a fairly cheap route to get this problem solved, and now I can
actually start putting ISA 2004 into production!

Anyway, I think there are many of you out there with network
configurations similar to what I've got. So I'm guessing some of you
might like to hear about the solution. Here it is. I have an internal
172.17.x.x network. I also have roughly 35 192.168.x.x networks that are
all physically remote, but network-wise they are internal: they all go
through a third party firewall/VPN device to connect to the home
network. So here at the home site, we have had two firewalls: ISA 2000
and IPCop (the third party device). With the addition of static routes
on the ISA 2000 server pointing to the IPCop firewall, everything worked
fine on ISA 2000. It didn't work so well with ISA 2004--communications
between the remote subnets and the home office subnet were quirky at
best, non-existent at worst. The solution was quite simple: every server
in the 172.17.x.x subnet needs to have persistent static routes added
for all the 35 remote subnets, all the 172.17.x.x workstations that need
to communicate with the remote subnets also need these same persistent
static routes, and for good measure I added a static route to each of
the remote servers to tell them how to get to the 172.17.x.x subnet.

It's been a few hours and all my communication woes are solved, at least
for now!

Keeping my fingers crossed,
Rob 
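
Added example, not part of any post in this thread: a sketch of the per-host persistent routes described above, plus a small next-hop model showing why a host with only a default gateway hands remote-subnet traffic to the ISA box. All addresses are constructed placeholders (the thread gives only 172.17.x.x and 192.168.x.x), and the helper names are hypothetical.

```python
import ipaddress

# Constructed values: the thread gives only 172.17.x.x and 192.168.x.x.
HOME_NET = ipaddress.ip_network("172.17.0.0/16")
ISA_GATEWAY = ipaddress.ip_address("172.17.0.1")    # hypothetical default gateway (ISA)
VPN_GATEWAY = ipaddress.ip_address("172.17.0.254")  # hypothetical IPCop address
REMOTE_SUBNETS = ["192.168.1.0/24", "192.168.2.0/24", "192.168.35.0/24"]


def parse_remote_subnets(subnets, home_net=HOME_NET):
    """Validate remote subnets: no host bits set, no overlap with home or each other."""
    nets = []
    for text in subnets:
        net = ipaddress.ip_network(text, strict=True)  # raises ValueError on host bits
        if net.overlaps(home_net) or any(net.overlaps(n) for n in nets):
            raise ValueError(f"{net} overlaps another configured network")
        nets.append(net)
    return nets


def route_commands(subnets, gateway=VPN_GATEWAY, home_net=HOME_NET):
    """Build one persistent Windows route per remote subnet."""
    if gateway not in home_net:
        raise ValueError(f"gateway {gateway} is not on-link in {home_net}")
    return [f"route -p add {n.network_address} mask {n.netmask} {gateway}"
            for n in parse_remote_subnets(subnets, home_net)]


def next_hop(dest, static_routes, default_gateway=ISA_GATEWAY, home_net=HOME_NET):
    """Longest-prefix match as a host does it; returns None for on-link delivery."""
    dest = ipaddress.ip_address(dest)
    if dest in home_net:
        return None
    matches = [(net, gw) for net, gw in static_routes if dest in net]
    if not matches:
        return default_gateway  # no specific route: traffic goes to the ISA box
    return max(matches, key=lambda m: m[0].prefixlen)[1]


if __name__ == "__main__":
    for line in route_commands(REMOTE_SUBNETS):
        print(line)
    routes = [(n, VPN_GATEWAY) for n in parse_remote_subnets(REMOTE_SUBNETS)]
    print("without routes:", next_hop("192.168.2.10", []))
    print("with routes:   ", next_hop("192.168.2.10", routes))
```
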
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 