RE: Publishing Exchange through ISA on a complex ne twork,

• From: TRadtke@xxxxxxxxxxxx
• To: isalist@xxxxxxxxxxxxx
• Date: Mon, 3 Jan 2005 09:33:03 -0600

Jim is right.  Routers are designed to ignore traffic that they should not
be seeing.  Also, traffic generated on a network segment that is not in the
network class as another machine will also be ignored.  A box of
10.100.100.1 and a box on 192.168.100.1 will not talk even if they have a
crossover cable plugged into them if TCP/IP is the only protocol stack
running on it.

Or you have a custom written TCP/IP stack, and with that case both us and an
ISA server are of no help to you.  And I'd be surprised that any of your
equipment would be working at all.  You might as well be running IPX/SPX
with a translational bridge then.

I'd suggest a basic networking book from Cisco as a good place to start....

Good luck with that....

Troy

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Monday, January 03, 2005 9:19 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Publishing Exchange through ISA on a complex network,


http://www.ISAserver.org

No application can get around basic TCP/IP routing.
It's unrealistic of you to expect that.


  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!
 
 

-----Original Message-----
From: Ruba Al Omari, Eng. [mailto:romari@xxxxxxxxxxxxxxxxx] 
Sent: Monday, January 03, 2005 12:17 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Publishing Exchange through ISA on a complex
network,

http://www.ISAserver.org


Thank u, I will try that and most likely will keep the ISA on the same
subnet.

However technically there is a route between the exchange and the ISA
that is on another subnet, and there should be a way (without adding a
second NIC on the exchange) on the application level to ask the NIC to
direct specific type of traffic to another IP as far as its reachable
then it shouldn't be the application's business whether its on the same
subnet or not, right?

I can do that at layer 3 but I don't want to mess the routing tables, I
thought the application will deal better with this and I realize it's
not an ISA issue at this point.

Its like the application will say take this packet to w.x.y.z; layer 3
will not find this w.x.y.z and will send it through its GW and keep
going till it reaches a routing table where that IP is reachable without
having to have that specific IP as a last resort. Its like the
application doesn't trust that layer3 knows what its doing and will
deliver the packet. Does this make sense or am I drinking a lot of
caffeine lately?

Thanx
r.


-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Saturday, January 01, 2005 7:41 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Publishing Exchange through ISA on a complex
network,

http://www.ISAserver.org

Since you can't meet the requirement of making the ISA the default route
for your server-published resources, you have to use alternate methods.
You don't say want ISA version you're using, so...

ISA 2000:
http://support.microsoft.com/?id=311777 

ISA 2004:
- set the "Requests appear to come from the ISA server" in the "To" tab
of the affected publishing rule

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!
 
 

-----Original Message-----
From: Ruba Al Omari, Eng. [mailto:romari@xxxxxxxxxxxxxxxxx] 
Sent: Saturday, January 01, 2005 12:07 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Publishing Exchange through ISA on a complex network,

http://www.ISAserver.org


Hi,

 

Is there a way to publish exchange through ISA if exchange is on a
different subnet?  I read Jim's article about designing ISA in a complex
network
http://www.isaserver.org/tutorials/Designing_An_ISA_Server_Solution_on_a
_Complex_Network.html but it doesn't work with me, I can't set a
specific ISA to be the last resort for the whole network; each subnet
has its requirements and I have more than one ISP, the exchange doesn't
have an option where the user can say direct the SMTP traffic to this
specific IP (but not the smart host), and of course I can't set the ISA
as the GW of the exchange because its on a different subnet, what am I
missing here?

 

Another thing is I placed an ISA on the same subnet of the exchange
temporarily, the following is the configuration:

ISA: 2 NICs: 

1-       Internal 10.92.60.20 ; DMZ: 200.200.200.194 for example

 

Exchange: 1 NIC:

1-       10.92.60.4

 

Untrust : 200.200.200.208

 

Exchange public IPs: 

1-       200.200.200.195

2-       200.200.200.196

 

I have not tried this but I assume if I assign the exchange IPs as
multiple IP addresses for the ISA DMZ interface and publish the exchange
things will work fine, is this correct?

 

Currently I had to publish the email through hardware firewalls.

 

Thanks for any help

r.

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 

All mail to and from this domain is GFI-scanned.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
romari@xxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tradtke@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

• » RE: Publishing Exchange through ISA on a complex ne twork,

1. Home
2. isalist
3. Archive
4. 01-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---