[isalist] Re: Question about network routes

  • From: Jerry Young <jerrygyoungii@xxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Wed, 11 Feb 2009 10:29:47 -0500

Andrew,

With the static route you configured you basically told the box that all
traffic from 192.168.0.0 to 192.168.255.255 needs to be routed to
192.168.1.1.

The problem is that the DMZ segment is also in that range.

You're going to have to decrease that range so that the static route doesn't
include the DMZ segment.

How big IS your internal network?  Is it really a 192.168.0.0/16?  Or are
you using a subset of that?  Specifically, what are all the possible
networks that can talk with your ISA server; those are the only ones you'll
need to route back.

On Wed, Feb 11, 2009 at 10:16 AM, Andrew Hodgson
<Andrew.Hodgson@xxxxxxxxxx> wrote:

> Hi,
>
> I am building a test ISA server with two network cards that is going to
> be used for our Exchange publishing scenario as well as proxy server
> access.
>
> I built the server according to tutorials I found on www.isaserver.org,
> and made the following decisions:
>
> - Put the default gateway on the adapter that is on the DMZ segment of
> the firewall.
> - DMZ interface has the IP address of 192.168.254.3
> - Internal interface has the IP address of 192.168.1.3.
> - I want clients to access the web via the proxy server on 192.168.1.3.
> Clients can come from a number of subnets, 192.168.2.0, 192.168.3.0 etc.
> - There are servers on 192.168.254.0.
>
> If I add a route for the internal network:
> route -p add 192.168.0.0 mask 255.255.0.0 192.168.1.1 (the VLAN
> gateway).
>
> Then I cannot access machines on the 192.168.254.0 network through my
> new proxy server.
>
> Do I need to add a route for all the other subnets individually on the
> ISA server?
>
> Thanks.
> Andrew.


-- 
Cordially yours,
Jerry G. Young II
Microsoft Certified Systems Engineer
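
The following is an added example, not part of either message: a Python check that the route from the question spans the DMZ segment, followed by two narrower route sets that leave it out. The /24 masks on the DMZ and on the client subnets are assumptions, since the thread gives only network addresses.

```python
import ipaddress

# Addresses come from the thread; the /24 DMZ and client masks are assumptions.
DMZ = ipaddress.ip_network("192.168.254.0/24")
GATEWAY = "192.168.1.1"  # the VLAN gateway named in the question

def route_range(dest, mask):
    """Return (network, first address, last address) for a route entry."""
    net = ipaddress.ip_network(f"{dest}/{mask}")
    return net, net[0], net[-1]

def split_around(route_net, dmz=DMZ):
    """Prefixes that cover route_net but leave the DMZ segment out."""
    if not route_net.overlaps(dmz):
        return [route_net]
    if route_net.subnet_of(dmz):
        return []  # the whole route sits inside the DMZ
    return sorted(route_net.address_exclude(dmz))

def summarize(subnets, dmz=DMZ):
    """Collapse the listed client subnets; refuse any that touch the DMZ."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    clash = [str(n) for n in nets if n.overlaps(dmz)]
    if clash:
        raise ValueError(f"overlaps DMZ {dmz}: {clash}")
    return list(ipaddress.collapse_addresses(nets))

def route_cmd(net, gateway=GATEWAY):
    """Format a prefix in the 'route -p add' syntax used in the thread."""
    return f"route -p add {net.network_address} mask {net.netmask} {gateway}"

if __name__ == "__main__":
    net, first, last = route_range("192.168.0.0", "255.255.0.0")
    print(f"{net} covers {first} - {last}; includes DMZ: {net.overlaps(DMZ)}")
    print("Option 1, the same /16 with the DMZ carved out:")
    for n in split_around(net):
        print("  " + route_cmd(n))
    print("Option 2, only the client subnets named in the question:")
    for n in summarize(["192.168.2.0/24", "192.168.3.0/24"]):
        print("  " + route_cmd(n))
```

Option 2 matches the advice to route back only the networks that actually talk to the ISA server; extend the list passed to `summarize` with any further client subnets.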
