Correct.
Yes.
Correct

John Tolmachoff
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com

-----Original Message-----
From: Jay [mailto:jschwarzkopf@xxxxxxxxxx]
Sent: Saturday, June 15, 2002 7:01 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Routing question

http://www.ISAserver.org

ISP router------perimeter router-------ISA-----LAN
                                        |
                                       DMZ

ISP router's internal interface is .129/24?
And you do get traffic through your perimeter router (.131/28 and .145/28) to ISA (.149/28)?
And the perimeter router is not NATing?

> ----- Original Message -----
> From: "John Tolmachoff" <isalist@xxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Saturday, June 15, 2002 4:05 AM
> Subject: [isalist] Re: Routing question
>
> > ISP router is .129.
> >
> > Our internal router is .131 on WAN and .145 on LAN. I have it set to
> > subnet our block.
> >
> > Our assigned block is .0/24
> >
> > The ISA, which is only configured with RRAS, is after our internal
> > router.
> >
> > DMZ hosts are set to .178 to .185 with mask of .240. Gateway is ISA.
> >
> > John Tolmachoff
> > IT Manager, Network Engineer
> > RelianceSoft, Inc.
> > Fullerton, CA 92835
> > www.reliancesoft.com
> >
> > -----Original Message-----
> > From: Jay [mailto:jschwarzkopf@xxxxxxxxxx]
> > Sent: Friday, June 14, 2002 9:58 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Re: Routing question
> >
> > Is your gateway (.145) the ISP router? And if so, did you have the ISP
> > subnet it?
> >
> > I'm assuming the ISP's router subnet is x.x.128/27 (and you further
> > subnetted it to .240 on your internal router to create the DMZ). If
> > that's the case, then I believe the ISP's router would not pass the
> > DMZ-bound traffic to its gateway, because it expects the DMZ servers
> > on its own subnet.
> >
> > ----- Original Message -----
> > From: "John Tolmachoff" <isalist@xxxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Friday, June 14, 2002 8:22 PM
> > Subject: [isalist] Re: Routing question
> >
> > > .149 is in subnet block 10
> > > .177 is in subnet block 12
> > > I did not expect Jim to miss that. :(
> > >
> > > I have subnetted at a router just inside of ISP router.
> > >
> > > Route print is as follows:
> > >
> > > 0.0.0.0          0.0.0.0          xx.xx.xx.145  xx.xx.xx.149
> > > xx.xx.xx.144     255.255.255.240  xx.xx.xx.149  xx.xx.xx.149
> > > xx.xx.xx.149     255.255.255.255  127.0.0.1     127.0.0.1
> > > xx.xx.xx.176     255.255.255.240  xx.xx.xx.177  xx.xx.xx.177
> > > xx.xx.xx.177     255.255.255.255  127.0.0.1     127.0.0.1
> > > xx.255.255.255   255.255.255.255  xx.xx.xx.149  xx.xx.xx.149
> > > xx.255.255.255   255.255.255.255  xx.xx.xx.177  xx.xx.xx.177
> > > 127.0.0.1        255.0.0.0        127.0.0.1     127.0.0.1
> > > 192.168.20.0     255.255.255.0    192.168.20.5  192.168.20.5
> > > 192.168.20.5     255.255.255.255  192.168.20.5  192.168.20.5
> > > 224.0.0.0        224.0.0.0        xx.xx.xx.149  xx.xx.xx.149
> > > 224.0.0.0        224.0.0.0        xx.xx.xx.177  xx.xx.xx.177
> > > 224.0.0.0        224.0.0.0        192.168.20.5  192.168.20.5
> > > 255.255.255.255  255.255.255.255  xx.xx.xx.149  xx.xx.xx.149
> > >
> > > No persistent.
> > >
> > > John Tolmachoff
> > > IT Manager, Network Engineer
> > > RelianceSoft, Inc.
> > > Fullerton, CA 92835
> > > www.reliancesoft.com
> > >
> > > -----Original Message-----
> > > From: Jay [mailto:jschwarzkopf@xxxxxxxxxx]
> > > Sent: Friday, June 14, 2002 10:24 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] Re: Routing question
> > >
> > > His subnets look okay to me. What does a route print show? Have you
> > > (or your ISP) subnetted your IP range on your external router?
> > >
> > > ----- Original Message -----
> > > From: "Jim Harrison" <jim@xxxxxxxxxxxx>
> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > Sent: Friday, June 14, 2002 12:24 PM
> > > Subject: [isalist] Re: Routing question
> > >
> > > > Your DMZ and the external NICs are in the same logical subnet; you
> > > > should subnet the DMZ as .248 or greater and split your IPs accordingly.
> > > >
> > > > Jim Harrison
> > > > MCP(NT4, W2K), A+, Network+, PCG
> > > > http://isaserver.org/authors/harrison/
> > > > Read the books!
> > > >
> > > > ----- Original Message -----
> > > > From: "John Tolmachoff" <isalist@xxxxxxxxxxxx>
> > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > > Sent: Thursday, June 13, 2002 3:38 PM
> > > > Subject: [isalist] Routing question
> > > >
> > > > OK, I am stumped with a basic problem.
> > > >
> > > > I am in the midst of setting up a test lab for some simulations.
> > > >
> > > > ISA is three-homed.
> > > >
> > > > External  xx.xx.xx.149  Mask 255.255.255.240  Gateway xx.xx.xx.145
> > > > Internal  192.168.20.5  Mask 255.255.255.0
> > > > DMZ       xx.xx.xx.177  Mask 255.255.255.240
> > > >
> > > > ISA is not installed yet, only serving as router and NAT. I was going to
> > > > wait to install ISA until after the first simulation which involves a SQL
> > > > migration.
> > > >
> > > > Internal can access Internet.
> > > > ISA can access Internet.
> > > > DMZ can not access Internet.
> > > > Internal can ping DMZ.
> > > > DMZ can ping internal.
> > > > External can not ping DMZ.
> > > >
> > > > From DMZ, I can ping both internal and external of ISA, but not ISA gateway
> > > > of xx.xx.xx.145.
> > > >
> > > > John Tolmachoff
> > > > IT Manager, Network Engineer
> > > > RelianceSoft, Inc.
> > > > Fullerton, CA 92835
> > > > www.reliancesoft.com
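
The two subnet questions argued in this thread (whether .149/28 and .177/28 share a subnet, and which hops treat a DMZ host as directly attached) can be checked mechanically. The following is an added example, not part of the original messages: `203.0.113.` is a constructed stand-in for the masked `xx.xx.xx` prefix, the interface list is taken from the addresses and masks quoted above, and the 1-based block numbering is an assumption matching "subnet block 10 / 12".

```python
import ipaddress

# Constructed stand-in for the masked "xx.xx.xx" prefix (documentation range).
PREFIX = "203.0.113."

# Interfaces as quoted in the thread: (name, last octet, prefix length).
INTERFACES = [
    ("ISP router LAN",       129, 24),
    ("perimeter router WAN", 131, 28),
    ("perimeter router LAN", 145, 28),
    ("ISA external",         149, 28),
    ("ISA DMZ",              177, 28),
]

def iface(octet, plen):
    return ipaddress.ip_interface(f"{PREFIX}{octet}/{plen}")

def same_subnet(a, b):
    """True if two (octet, prefix length) interfaces sit in one IP network."""
    return iface(*a).network == iface(*b).network

def block_number(octet, plen=28):
    """1-based index of the subnet inside the /24 (assumed numbering)."""
    net = iface(octet, plen).network
    return (int(net.network_address) & 0xFF) // net.num_addresses + 1

def on_link(octet, plen, dest_octet):
    """True if the interface treats dest as directly attached (ARP, no next hop)."""
    dest = ipaddress.ip_address(f"{PREFIX}{dest_octet}")
    return dest in iface(octet, plen).network

def report(dest_octet):
    """Map each interface name to its on-link decision for one destination."""
    return {name: on_link(o, p, dest_octet) for name, o, p in INTERFACES}

if __name__ == "__main__":
    print("ISA external and DMZ in same subnet:",
          same_subnet((149, 28), (177, 28)))
    print("blocks:", block_number(149), block_number(177))
    # .178 is the first DMZ host address mentioned in the thread.
    for name, direct in report(178).items():
        action = "ARPs on its own segment" if direct else "needs a route"
        print(f"{name:22} -> .178: {action}")
    # Whether the routers hold a static route for .176/28 is not
    # stated in the thread; this only shows each hop's on-link view.
```

An interface with a /24 mask reports the DMZ host as on-link, while every /28 interface other than the DMZ NIC itself needs a route to reach it.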