Re: Routing question

  • From: "Jay" <jschwarzkopf@xxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 16 Jun 2002 10:31:24 -0400

Last question.  Do you have a route to .149 added on the ISP's router?  Or are
you running an update protocol on both the perimeter and ISP router?

My confusion:
Internet traffic to .149 gets to ISP router (.129).  That router sees .149
on its subnet, so unless it has a route added or it's running an update
protocol, it should not pass it to its gateway (the perimeter router with IP
of .131).  If you do have a route added, ask the ISP to add the route for
your DMZ as well.


----- Original Message -----
From: "John Tolmachoff" <isalist@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Saturday, June 15, 2002 11:14 AM
Subject: [isalist] Re: Routing question


> http://www.ISAserver.org
>
>
> Correct.
> Yes.
> Correct
>
> John Tolmachoff
> IT Manager, Network Engineer
> RelianceSoft, Inc.
> Fullerton, CA  92835
> www.reliancesoft.com
>
>
> -----Original Message-----
> From: Jay [mailto:jschwarzkopf@xxxxxxxxxx]
> Sent: Saturday, June 15, 2002 7:01 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: Routing question
>
> ISP router------perimeter router-------ISA-----LAN
>                                         |
>                                        DMZ
>
> ISP router's internal interface is .129/24?
> And you do get traffic through your perimeter router (.131/28 and .145/28)
> to ISA (.149/28)?
> And the perimeter router is not NATing?
>
>
> > ----- Original Message -----
> > From: "John Tolmachoff" <isalist@xxxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Saturday, June 15, 2002 4:05 AM
> > Subject: [isalist] Re: Routing question
> >
> >
> > > ISP router is .129.
> > >
> > > Our internal router is .131 on WAN and .145 on LAN. I have it set to
> > > subnet our block.
> > >
> > > Our assigned block is .0/24
> > >
> > > The ISA, which is only configured with RRAS, is after our internal
> > > router.
> > >
> > > DMZ hosts are set to .178 to .185 with mask of .240. Gateway is ISA.
> > >
> > > John Tolmachoff
> > > IT Manager, Network Engineer
> > > RelianceSoft, Inc.
> > > Fullerton, CA  92835
> > > www.reliancesoft.com
> > >
> > >
> > > -----Original Message-----
> > > From: Jay [mailto:jschwarzkopf@xxxxxxxxxx]
> > > Sent: Friday, June 14, 2002 9:58 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] Re: Routing question
> > >
> > > Is your gateway (.145) the ISP router?  And if so, did you have the ISP
> > > subnet it?
> > >
> > > I'm assuming the ISP's router subnet is x.x.128/27 (and you further
> > > subnetted it to .240 on your internal router to create the DMZ).  If that's
> > > the case, then I believe the ISP's router would not pass the DMZ-bound
> > > traffic to its gateway, because it expects the DMZ servers on its own
> > > subnet.
> > >
> > >
> > >
> > >
> > >
> > > ----- Original Message -----
> > > From: "John Tolmachoff" <isalist@xxxxxxxxxxxx>
> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > Sent: Friday, June 14, 2002 8:22 PM
> > > Subject: [isalist] Re: Routing question
> > >
> > >
> > > > .149 is in subnet block 10
> > > > .177 is in subnet block 12
> > > > I did not expect Jim to miss that. :(
> > > >
> > > > I have subnetted at a router just inside of ISP router.
> > > >
> > > > Route print is as follows:
> > > >
> > > > 0.0.0.0          0.0.0.0          xx.xx.xx.145  xx.xx.xx.149
> > > > xx.xx.xx.144     255.255.255.240  xx.xx.xx.149  xx.xx.xx.149
> > > > xx.xx.xx.149     255.255.255.255  127.0.0.1     127.0.0.1
> > > > xx.xx.xx.176     255.255.255.240  xx.xx.xx.177  xx.xx.xx.177
> > > > xx.xx.xx.177     255.255.255.255  127.0.0.1     127.0.0.1
> > > > xx.255.255.255   255.255.255.255  xx.xx.xx.149  xx.xx.xx.149
> > > > xx.255.255.255   255.255.255.255  xx.xx.xx.177  xx.xx.xx.177
> > > > 127.0.0.1        255.0.0.0        127.0.0.1     127.0.0.1
> > > > 192.168.20.0     255.255.255.0    192.168.20.5  192.168.20.5
> > > > 192.168.20.5     255.255.255.255  192.168.20.5  192.168.20.5
> > > > 224.0.0.0        224.0.0.0        xx.xx.xx.149  xx.xx.xx.149
> > > > 224.0.0.0        224.0.0.0        xx.xx.xx.177  xx.xx.xx.177
> > > > 224.0.0.0        224.0.0.0        192.168.20.5  192.168.20.5
> > > > 255.255.255.255  255.255.255.255  xx.xx.xx.149  xx.xx.xx.149
> > > >
> > > > No persistent.
> > > >
> > > > John Tolmachoff
> > > > IT Manager, Network Engineer
> > > > RelianceSoft, Inc.
> > > > Fullerton, CA  92835
> > > > www.reliancesoft.com
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Jay [mailto:jschwarzkopf@xxxxxxxxxx]
> > > > Sent: Friday, June 14, 2002 10:24 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] Re: Routing question
> > > >
> > > > His subnets look okay to me.  What does a route print show?  Have you
> > > > (or your ISP) subnetted your IP range on your external router?
> > > >
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Jim Harrison" <jim@xxxxxxxxxxxx>
> > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > > Sent: Friday, June 14, 2002 12:24 PM
> > > > Subject: [isalist] Re: Routing question
> > > >
> > > >
> > > > > Your DMZ and the external NICs are in the same logical subnet; you should
> > > > > subnet the DMZ as .248 or greater and split your IPs accordingly.
> > > > > Jim Harrison
> > > > > MCP(NT4, W2K), A+, Network+, PCG
> > > > > http://isaserver.org/authors/harrison/
> > > > > Read the books!
> > > > > ----- Original Message -----
> > > > > From: "John Tolmachoff" <isalist@xxxxxxxxxxxx>
> > > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > > > Sent: Thursday, June 13, 2002 3:38 PM
> > > > > Subject: [isalist] Routing question
> > > > >
> > > > >
> > > > > > OK, I am stumped with a basic problem.
> > > > > >
> > > > > > I am in the midst of setting up a test lab for some simulations.
> > > > > >
> > > > > > ISA is three-homed.
> > > > > >
> > > > > > External        xx.xx.xx.149   Mask 255.255.255.240   Gateway xx.xx.xx.145
> > > > > > Internal        192.168.20.5   Mask 255.255.255.0
> > > > > > DMZ             xx.xx.xx.177   Mask 255.255.255.240
> > > > > >
> > > > > > ISA is not installed yet, only serving as router and NAT. I was going to
> > > > > > wait to install ISA until after the first simulation which involves a SQL
> > > > > > migration.
> > > > > >
> > > > > > Internal can access Internet.
> > > > > > ISA can access Internet.
> > > > > > DMZ can not access Internet.
> > > > > > Internal can ping DMZ.
> > > > > > DMZ can ping internal.
> > > > > > External can not ping DMZ.
> > > > > >
> > > > > > From DMZ, I can ping both internal and external of ISA, but not ISA gateway
> > > > > > of xx.xx.xx.145.
> > > > > >
> > > > > > John Tolmachoff
> > > > > > IT Manager, Network Engineer
> > > > > > RelianceSoft, Inc.
> > > > > > Fullerton, CA  92835
> > > > > > www.reliancesoft.com
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > >
> ------------------------------------------------------------------------
> > > > --
> > > > --
> > > > > ----
> > > > >
> > > > >
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org Discussion
> List
> > > as:
> > > > > jim@xxxxxxxxxxxx
> > > > > To unsubscribe send a blank email to
> > > > $subst('Email.Unsub')
> > > > >
> > > > >
> > > > >
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org Discussion
> List
> > > as:
> > > > jschwarzkopf@xxxxxxxxxx
> > > > > To unsubscribe send a blank email to
> > > > $subst('Email.Unsub')
> > > >
> > > >
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion List
> as:
> > > > isalist@xxxxxxxxxxxx
> > > > To unsubscribe send a blank email to
> > > $subst('Email.Unsub')
> > > >
> > > >
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion List
> as:
> > > jschwarzkopf@xxxxxxxxxx
> > > > To unsubscribe send a blank email to
> > > $subst('Email.Unsub')
> > >
> > >
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion List
> as:
> > > isalist@xxxxxxxxxxxx
> > > To unsubscribe send a blank email to
> $subst('Email.Unsub')
> > >
> > >
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion List
> as:
> > jschwarzkopf@xxxxxxxxxx
> > > To unsubscribe send a blank email to
> $subst('Email.Unsub')
> >
>
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> isalist@xxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
>
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
jschwarzkopf@xxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')

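The on-link question raised in the top message, worked through as an added example that is not part of the original thread. It assumes the documentation prefix 203.0.113 in place of the masked xx.xx.xx octets; `subnet_of`, `next_hop` and the two static routes are hypothetical names and entries introduced for illustration.

```python
import ipaddress

# Constructed stand-in: the thread masks the first three octets as xx.xx.xx,
# so the documentation prefix 203.0.113 is substituted for them here.
P = "203.0.113."

# ISP router's inside interface as confirmed in the thread: .129 with a /24 mask.
ISP_CONNECTED = [P + "129/24"]

# Hypothetical static routes the ISP would add, pointing both /28 blocks
# at the perimeter router's WAN address (.131).
ISP_STATIC = [(P + "144/28", P + "131"), (P + "176/28", P + "131")]


def subnet_of(ip, mask):
    """Network that an interface with this address and mask belongs to."""
    return ipaddress.ip_interface(f"{ip}/{mask}").network


def next_hop(connected, static, dest):
    """Longest-prefix match over connected and static routes.

    Returns "on-link" (router ARPs for dest on its own segment), the
    gateway address of the winning static route, or "no route".
    """
    dest = ipaddress.ip_address(dest)
    table = [(ipaddress.ip_interface(c).network, "on-link") for c in connected]
    table += [(ipaddress.ip_network(n), gw) for n, gw in static]
    matches = [(net, hop) for net, hop in table if dest in net]
    if not matches:
        return "no route"
    return max(matches, key=lambda m: m[0].prefixlen)[1]


if __name__ == "__main__":
    # ISA's two public interfaces sit in different /28 blocks ...
    for host in ("149", "177"):
        print(P + host, "is in", subnet_of(P + host, "255.255.255.240"))
    # ... but the ISP router's /24 covers both, so it never hands them to .131
    # until more specific routes exist.
    for label, static in (("no static routes", []), ("with /28 routes", ISP_STATIC)):
        for host in ("149", "177"):
            print(f"{label}: {P + host} -> {next_hop(ISP_CONNECTED, static, P + host)}")
```
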

