Re: Routing question
- From: "John Tolmachoff" <isalist@xxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Sat, 15 Jun 2002 08:14:17 -0700
Correct.
Yes.
Correct
John Tolmachoff
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
-----Original Message-----
From: Jay [mailto:jschwarzkopf@xxxxxxxxxx]
Sent: Saturday, June 15, 2002 7:01 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Routing question
http://www.ISAserver.org
ISP router------perimeter router-------ISA-----LAN
|
DMZ
ISP router's internal interface is .129/24?
And you do get traffic through your perimeter router (.131/28 and
.145/28)
to ISA (.149/28)?
And the perimeter router is not NATing?
> --- Original Message -----
> From: "John Tolmachoff" <isalist@xxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Saturday, June 15, 2002 4:05 AM
> Subject: [isalist] Re: Routing question
>
>
> > http://www.ISAserver.org
> >
> >
> > ISP router is .129.
> >
> > Our internal router is .131 on WAN and .145 on LAN. I have it set to
> > subnet our block.
> >
> > Our assigned block is .0/24
> >
> > The ISA, which is only configured with RRAS, is after our internal
> > router.
> >
> > DMZ hosts are set to .178 to .185 with mask of .240. Gateway is ISA.
> >
> > John Tolmachoff
> > IT Manager, Network Engineer
> > RelianceSoft, Inc.
> > Fullerton, CA 92835
> > www.reliancesoft.com
> >
> >
> > -----Original Message-----
> > From: Jay [mailto:jschwarzkopf@xxxxxxxxxx]
> > Sent: Friday, June 14, 2002 9:58 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Re: Routing question
> >
> > http://www.ISAserver.org
> >
> >
> > Is your gateway (.145) the ISP router? And if so, did you have the
ISP
> > subnet it?
> >
> > I'm assuming the ISP's router subnet is x.x.128/27 (and you further
> > subnetted it to .240 on your internal router to create the DMZ). If
> > that's
> > the case, then I believe the ISP's router would not pass the
DMZ-bound
> > traffic to it's gateway, because it expects the DMZ servers on its
own
> > subnet.
> >
> >
> >
> >
> >
> > ----- Original Message -----
> > From: "John Tolmachoff" <isalist@xxxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Friday, June 14, 2002 8:22 PM
> > Subject: [isalist] Re: Routing question
> >
> >
> > > http://www.ISAserver.org
> > >
> > >
> > > .149 is in subnet block 10
> > > .177 is in subnet block 12
> > > I did not expect Jim to miss that. :(
> > >
> > > I have subnetted at a router just inside of ISP router.
> > >
> > > Route print is as follows:
> > >
> > > 0.0.0.0 0.0.0.0 xx.xx.xx.145
> > > xx.xx.xx.149
> > > xx.xx.xx.144 255.255.255.240 xx.xx.xx.149
> > > xx.xx.xx.149
> > > xx.xx.xx.149 255.255.255.255 127.0.0.1
> > > 127.0.0.1
> > > xx.xx.xx.176 255.255.255.240 xx.xx.xx.177
> > > xx.xx.xx.177
> > > xx.xx.xx.177 255.255.255.255 127.0.0.1
> > > 127.0.0.1
> > > xx.255.255.255 255.255.255.255 xx.xx.xx.149
> > > xx.xx.xx.149
> > > xx.255.255.255 255.255.255.255 xx.xx.xx.177
> > > xx.xx.xx.177
> > > 127.0.0.1 255.0.0.0 127.0.0.1
> > > 127.0.0.1
> > > 192.168.20.0 255.255.255.0 192.168.20.5
> > > 192.168.20.5
> > > 192.168.20.5 255.255.255.255 192.168.20.5
> > > 192.168.20.5
> > > 224.0.0.0 224.0.0.0 xx.xx.xx.149
> > > xx.xx.xx.149
> > > 224.0.0.0 224.0.0.0 xx.xx.xx.177
> > > xx.xx.xx.177
> > > 224.0.0.0 224.0.0.0 192.168.20.5
> > > 192.168.20.5
> > > 255.255.255.255 255.255.255.255 xx.xx.xx.149 xx.xx.xx.149
> > >
> > > No persistent.
> > >
> > > John Tolmachoff
> > > IT Manager, Network Engineer
> > > RelianceSoft, Inc.
> > > Fullerton, CA 92835
> > > www.reliancesoft.com
> > >
> > >
> > > -----Original Message-----
> > > From: Jay [mailto:jschwarzkopf@xxxxxxxxxx]
> > > Sent: Friday, June 14, 2002 10:24 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] Re: Routing question
> > >
> > > http://www.ISAserver.org
> > >
> > >
> > > His subnets look okay to me. What does a route print show? Have
you
> > > (or
> > > your ISP) subnetted your IP range on your external router?
> > >
> > >
> > >
> > > ----- Original Message -----
> > > From: "Jim Harrison" <jim@xxxxxxxxxxxx>
> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > Sent: Friday, June 14, 2002 12:24 PM
> > > Subject: [isalist] Re: Routing question
> > >
> > >
> > > > http://www.ISAserver.org
> > > >
> > > >
> > > > Your DMZ and the external NICs are in the same logical subnet;
you
> > > should
> > > > subnet the DMZ as .248 or greater and split your IPs
accordingly.
> > > > Jim Harrison
> > > > MCP(NT4, W2K), A+, Network+, PCG
> > > > http://isaserver.org/authors/harrison/
> > > > Read the books!
> > > > ----- Original Message -----
> > > > From: "John Tolmachoff" <isalist@xxxxxxxxxxxx>
> > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > > Sent: Thursday, June 13, 2002 3:38 PM
> > > > Subject: [isalist] Routing question
> > > >
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > >
> > > >
> > > > This is a multi-part message in MIME format.
> > > >
> > > >
> > > >
> > > >
> > >
> >
------------------------------------------------------------------------
> > > --
> > > --
> > > > ----
> > > >
> > > >
> > > > OK, I am stumped with a basic problem.
> > > >
> > > >
> > > >
> > > > I am in the midst of setting up a test lab for some simulations.
> > > >
> > > >
> > > >
> > > > ISA is three-homed.
> > > >
> > > >
> > > >
> > > > External xx.xx.xx.149 Mask 255.255.255.240 Gateway
> > > xx.xx.xx.145
> > > >
> > > > Internal 192.168.20.5 Mask 255.255.255.0
> > > >
> > > > DMZ xx.xx.xx.177 Mask 255.255.255.240
> > > >
> > > >
> > > >
> > > > ISA is not installed yet, only serving as router and NAT. I was
> > going
> > > to
> > > > wait to install ISA until after the first simulation which
involves
> > a
> > > SQL
> > > > migration.
> > > >
> > > >
> > > >
> > > > Internal can access Internet.
> > > >
> > > > ISA can access Internet.
> > > >
> > > > DMZ can not access Internet.
> > > >
> > > > Internal can ping DMZ.
> > > >
> > > > DMZ can ping internal.
> > > >
> > > > External can not ping DMZ.
> > > >
> > > >
> > > >
> > > > >From DMZ, I can ping both internal and external of ISA, but not
ISA
> > > gateway
> > > > of xx.xx.xx.145.
> > > >
> > > >
> > > >
> > > > John Tolmachoff
> > > >
> > > > IT Manager, Network Engineer
> > > >
> > > > RelianceSoft, Inc.
> > > >
> > > > Fullerton, CA 92835
> > > >
> > > > www.reliancesoft.com
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> >
------------------------------------------------------------------------
> > > --
> > > --
> > > > ----
> > > >
> > > >
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion
List
> > as:
> > > > jim@xxxxxxxxxxxx
> > > > To unsubscribe send a blank email to
> > > $subst('Email.Unsub')
> > > >
> > > >
> > > >
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion
List
> > as:
> > > jschwarzkopf@xxxxxxxxxx
> > > > To unsubscribe send a blank email to
> > > $subst('Email.Unsub')
> > >
> > >
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion List
as:
> > > isalist@xxxxxxxxxxxx
> > > To unsubscribe send a blank email to
> > $subst('Email.Unsub')
> > >
> > >
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion List
as:
> > jschwarzkopf@xxxxxxxxxx
> > > To unsubscribe send a blank email to
> > $subst('Email.Unsub')
> >
> >
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List
as:
> > isalist@xxxxxxxxxxxx
> > To unsubscribe send a blank email to
$subst('Email.Unsub')
> >
> >
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List
as:
> jschwarzkopf@xxxxxxxxxx
> > To unsubscribe send a blank email to
$subst('Email.Unsub')
>
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
