Feel free to send me a Visio of this deployment and your ISAInfo from each side. I don't think it's any different than the one described, just more complex. ________________________________ From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx] Sent: Mon 1/10/2005 1:01 PM To: [ISAserver.org Discussion List] Subject: [isalist] RES: RE: ISA Ain't No Router http://www.ISAserver.org My need is a little different from that one posted on the article, so let's see if I am right. I have a scenario just like that one on the article with my HQ and branch offices. I also have another router on my internal network that connects to a network at a factory, which has static routes only for my HQ, not for my branch offices. When I tested ISA 2004 in this scenario, I created two network rules: One for the HQ for all traffic that was sent to the factory, this rule was set to route. This one worked ok. The other one was configured so that all traffic sent from the branch offices to the factory would NAT the connections. This one didn't work at all. Today this access is working properly with ISA 2000. In order to work, I must leave the factory's IP address range off from the LAT. The routes for the factory are all configured on the ISA box and everyone's default gateway is the ISA Server, including both branch offices' routers. Should I set everyone's Default gw to my HQ's router and its default gateway to ISA Server? Would this scenario be affected with this problem? All clients are firewall clients. The factory can create routes for the branch offices, but the telco which owns the routers want to charge us 300USD for each route created. Tiago de Aviz SoftSell - Curitiba (41) 340-2363 www.softsell.com.br Esta mensagem, incluindo seus anexos, tem caráter confidencial e seu conteúdo é restrito ao destinatário da mensagem. Caso você tenha recebido esta mensagem por engano, queira por favor retorná-la ao destinatário e apagá-la de seus arquivos. Qualquer uso não autorizado, replicação ou disseminação desta mensagem ou parte dela é expressamente proibido. A SoftSell não é responsável pelo conteúdo ou a veracidade desta informação. -----Mensagem original----- De: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Enviada em: segunda-feira, 10 de janeiro de 2005 14:14 Para: [ISAserver.org Discussion List] Assunto: [isalist] RE: ISA Ain't No Router http://www.ISAserver.org You're kidding, right? This wasn't a "feature", it was an unfortunate design choice that ISA 2000 allowed anything from "inside". It won't be "fixed" because it ain't "broke". Instead, fix the network design that actually created a dependency on the firewall for network routing. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.