RE: RES: RE: ISA Ain't No Router

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 10 Jan 2005 16:27:03 -0800

Feel free to send me a Visio of this deployment and your ISAInfo from each side.
I don't think it's any different than the one described, just more complex.

 
________________________________

From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx]
Sent: Mon 1/10/2005 1:01 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RES: RE: ISA Ain't No Router



http://www.ISAserver.org

My need is a little different from the one posted in the article, so let's see 
if I am right.

I have a scenario just like the one in the article with my HQ and branch 
offices. I also have another router on my internal network that connects to a 
network at a factory, which has static routes only for my HQ, not for my branch 
offices.

When I tested ISA 2004 in this scenario, I created two network rules:

One for the HQ, for all traffic that was sent to the factory; this rule was set 
to route. This one worked OK.

The other one was configured so that all traffic sent from the branch offices 
to the factory would NAT the connections. This one didn't work at all.

Today this access is working properly with ISA 2000. For it to work, I must 
leave the factory's IP address range out of the LAT. The routes for the 
factory are all configured on the ISA box and everyone's default gateway is the 
ISA Server, including both branch offices' routers. Should I set everyone's 
default gw to my HQ's router and its default gateway to ISA Server?

Would this scenario be affected by this problem? All clients are firewall 
clients. The factory can create routes for the branch offices, but the telco 
which owns the routers wants to charge us 300 USD for each route created.


Tiago de Aviz
SoftSell - Curitiba
(41) 340-2363
www.softsell.com.br


-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Monday, January 10, 2005 14:14
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Ain't No Router


You're kidding, right?
This wasn't a "feature", it was an unfortunate design choice that ISA 2000 
allowed anything from "inside".
It won't be "fixed" because it ain't "broke".

Instead, fix the network design that actually created a dependency on the 
firewall for network routing.

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------



