RE: Physically placing ISA between subnets

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 9 Nov 2004 06:21:04 -0800

It's not only possible, it's also the only way ISA can be used as a
router.
That said, my question to you is "why are you using ISA as a router
between internal subnets?"
The traffic profile needs to be COMPLETELY understood before you attempt
this.
ISA 2004 is much pickier about what is "good" vs. "bad" traffic.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!
 
 

-----Original Message-----
From: Crockett, Gregory [mailto:Gregory.Crockett@xxxxxxxxx] 
Sent: Monday, November 08, 2004 3:20 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Physically placing ISA between subnets

http://www.ISAserver.org


Jim,

Physically placing ISA between our subnets is how our ISA2k is set up.
Is the same possible with isa2k4?  Our isa2k system is still online to
support SNAT clients and route between subnets.  Our SNAT clients are
all ad-hoc wireless clients (Hotspot clients) that need to route to Surf
Control.  Surf Control 2k4 changed the way it operates - does not
intercept SNAT clients on isa2k4.  Must I employ a router to get the
same functionality I had with ISA2k?  I must live with ISA2k until Surf
Control cures the SNAT problem.

 

Thanx

 

greg

 

 

________________________________

From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Monday, November 08, 2004 8:36 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: dropped undefined traffic via static route with
ISA 2004

 

I gave you two options; pick the one that suits you best.

You can either use the internal router as the DG for all internal
machines (except ISA, of course), or you can create manual routes in the
first-subnet hosts.

Either way, stop trying to use ISA as your internal router unless you
are willing to physically place it between the subnets.

________________________________

From: harald [mailto:harald.wolf@xxxxxx]
Sent: Mon 11/8/2004 12:51 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: dropped undefined traffic via static route with
ISA 2004

Thanks for your answer but let me explain:

My network looks like this:


Internet
   |
Linux-FW
   |
   | DMZ (10.0.0.x/24)
   |
ISA-Server 2004 (Back-Firewall)= Router = standard gateway
   |
   | First Subnet (192.168.x.x/16)
   |
Router
   |
   | Second Subnet (192.16.x.x/16)

When I want to establish traffic from the first to the second subnet, I
need a static route back to the router between first and second subnet
at the ISA which is the standard gateway. Because of this fact ISA will be
involved in this traffic ...

What would you suggest?

Thanks

Harald
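
As an added illustration (not part of the original thread), the sketch below models the topology above with longest-prefix-match routing tables and traces a first-subnet to second-subnet flow under the current setup and under the two options given in the reply. The subnets are taken from the thread; the host and server addresses and all node names are constructed.

```python
import ipaddress

# Networks are from the thread; node addresses are constructed for illustration.
ADDR = {"host": "192.168.1.10", "server": "192.16.1.20"}
ISA = [("192.168.0.0/16", None), ("10.0.0.0/24", None),
       ("192.16.0.0/16", "router")]          # static route on ISA
ROUTER = [("192.168.0.0/16", None), ("192.16.0.0/16", None), ("0.0.0.0/0", "isa")]
SERVER = [("192.16.0.0/16", None), ("0.0.0.0/0", "router")]

# Routing table of a first-subnet host in each scenario (None = on-link).
HOST_TABLES = {
    "isa_as_gateway": [("192.168.0.0/16", None), ("0.0.0.0/0", "isa")],
    "router_as_gateway": [("192.168.0.0/16", None), ("0.0.0.0/0", "router")],
    "manual_host_route": [("192.168.0.0/16", None), ("0.0.0.0/0", "isa"),
                          ("192.16.0.0/16", "router")],
}

def next_hop(table, dst):
    """Longest-prefix match: gateway node name, or None when dst is on-link."""
    ip = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(n), gw) for n, gw in table]
    return max((m for m in nets if ip in m[0]), key=lambda m: m[0].prefixlen)[1]

def path(tables, src, dst):
    """Node names a packet visits going from src to dst."""
    hops = [src]
    while hops[-1] != dst and len(hops) < 8:   # length cap guards against loops
        gw = next_hop(tables[hops[-1]], ADDR[dst])
        hops.append(dst if gw is None else gw)
    return hops

def isa_view(scenario):
    """Forward path, return path, and which directions of the flow cross ISA."""
    tables = {"host": HOST_TABLES[scenario], "isa": ISA,
              "router": ROUTER, "server": SERVER}
    out, back = path(tables, "host", "server"), path(tables, "server", "host")
    seen = ("isa" in out, "isa" in back)
    verdict = {(True, True): "both", (False, False): "bypassed"}.get(seen, "one-way only")
    return out, back, verdict

if __name__ == "__main__":
    for name in HOST_TABLES:
        print(name, *isa_view(name))
```

With ISA as the gateway, ISA forwards the outbound packets but the replies go from the router straight to the host, so ISA sees only one direction of the conversation; both options from the reply take ISA out of the inter-subnet path entirely.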

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


All mail to and from this domain is GFI-scanned.

