Re: Routing question

• From: "Jay" <jschwarzkopf@xxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Sat, 15 Jun 2002 00:57:39 -0400

Is your gateway (.145) the ISP router?  And if so, did you have the ISP
subnet it?

I'm assuming the ISP's router subnet is x.x.128/27 (and you further
subnetted it to .240 on your internal router to create the DMZ).  If that's
the case, then I believe the ISP's router would not pass the DMZ-bound
traffic to it's gateway, because it expects the DMZ servers on its own
subnet.





----- Original Message -----
From: "John Tolmachoff" <isalist@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, June 14, 2002 8:22 PM
Subject: [isalist] Re: Routing question


> http://www.ISAserver.org
>
>
> .149 is in subnet block 10
> .177 is in subnet block 12
> I did not expect Jim to miss that. :(
>
> I have subnetted at a router just inside of ISP router.
>
> Route print is as follows:
>
> 0.0.0.0 0.0.0.0 xx.xx.xx.145
> xx.xx.xx.149
> xx.xx.xx.144 255.255.255.240 xx.xx.xx.149
> xx.xx.xx.149
> xx.xx.xx.149 255.255.255.255 127.0.0.1
> 127.0.0.1
> xx.xx.xx.176 255.255.255.240 xx.xx.xx.177
> xx.xx.xx.177
> xx.xx.xx.177 255.255.255.255 127.0.0.1
> 127.0.0.1
> xx.255.255.255 255.255.255.255 xx.xx.xx.149
> xx.xx.xx.149
> xx.255.255.255 255.255.255.255 xx.xx.xx.177
> xx.xx.xx.177
> 127.0.0.1 255.0.0.0 127.0.0.1
> 127.0.0.1
> 192.168.20.0 255.255.255.0 192.168.20.5
> 192.168.20.5
> 192.168.20.5 255.255.255.255 192.168.20.5
> 192.168.20.5
> 224.0.0.0 224.0.0.0 xx.xx.xx.149
> xx.xx.xx.149
> 224.0.0.0 224.0.0.0 xx.xx.xx.177
> xx.xx.xx.177
> 224.0.0.0 224.0.0.0 192.168.20.5
> 192.168.20.5
> 255.255.255.255 255.255.255.255 xx.xx.xx.149 xx.xx.xx.149
>
> No persistent.
>
> John Tolmachoff
> IT Manager, Network Engineer
> RelianceSoft, Inc.
> Fullerton, CA  92835
> www.reliancesoft.com
>
>
> -----Original Message-----
> From: Jay [mailto:jschwarzkopf@xxxxxxxxxx]
> Sent: Friday, June 14, 2002 10:24 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: Routing question
>
> http://www.ISAserver.org
>
>
> His subnets look okay to me.  What does a route print show?  Have you
> (or
> your ISP) subnetted your IP range on your external router?
>
>
>
> ----- Original Message -----
> From: "Jim Harrison" <jim@xxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Friday, June 14, 2002 12:24 PM
> Subject: [isalist] Re: Routing question
>
>
> > http://www.ISAserver.org
> >
> >
> > Your DMZ and the external NICs are in the same logical subnet; you
> should
> > subnet the DMZ as .248 or greater and split your IPs accordingly.
> > Jim Harrison
> > MCP(NT4, W2K), A+, Network+, PCG
> > http://isaserver.org/authors/harrison/
> > Read the books!
> > ----- Original Message -----
> > From: "John Tolmachoff" <isalist@xxxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Thursday, June 13, 2002 3:38 PM
> > Subject: [isalist] Routing question
> >
> >
> > http://www.ISAserver.org
> >
> >
> >
> > This is a multi-part message in MIME format.
> >
> >
> >
> >
> ------------------------------------------------------------------------
> --
> --
> > ----
> >
> >
> > OK, I am stumped with a basic problem.
> >
> >
> >
> > I am in the midst of setting up a test lab for some simulations.
> >
> >
> >
> > ISA is three-homed.
> >
> >
> >
> > External        xx.xx.xx.149   Mask 255.255.255.240 Gateway
> xx.xx.xx.145
> >
> > Internal         192.168.20.5  Mask 255.255.255.0
> >
> > DMZ             xx.xx.xx.177   Mask 255.255.255.240
> >
> >
> >
> > ISA is not installed yet, only serving as router and NAT. I was going
> to
> > wait to install ISA until after the first simulation which involves a
> SQL
> > migration.
> >
> >
> >
> > Internal can access Internet.
> >
> > ISA can access Internet.
> >
> > DMZ can not access Internet.
> >
> > Internal can ping DMZ.
> >
> > DMZ can ping internal.
> >
> > External can not ping DMZ.
> >
> >
> >
> > >From DMZ, I can ping both internal and external of ISA, but not ISA
> gateway
> > of xx.xx.xx.145.
> >
> >
> >
> > John Tolmachoff
> >
> > IT Manager, Network Engineer
> >
> > RelianceSoft, Inc.
> >
> > Fullerton, CA  92835
> >
> > www.reliancesoft.com
> >
> >
> >
> >
> >
> >
> >
> ------------------------------------------------------------------------
> --
> --
> > ----
> >
> >
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List as:
> > jim@xxxxxxxxxxxx
> > To unsubscribe send a blank email to
> $subst('Email.Unsub')
> >
> >
> >
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List as:
> jschwarzkopf@xxxxxxxxxx
> > To unsubscribe send a blank email to
> $subst('Email.Unsub')
>
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> isalist@xxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
>
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
jschwarzkopf@xxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Routing question
• » Re: Routing question
• » Re: Routing question
• » Re: Routing question
• » Re: Routing question
• » Re: Routing question
• » Re: Routing question
• » Re: Routing question
• » Re: Routing question
• » Re: Routing question
• » Re: Routing question
• » Routing question

1. Home
2. isalist
3. Archive
4. 06-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---