[isalist] Re: adding a second internal network

  • From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 23 Feb 2008 11:51:27 -0800

http://www.ISAserver.org
-------------------------------------------------------

Make sure that you've got a "route" relationship for the new network -
or at least NAT being the right direction... you probably want "route"
though...

Also, for the clients to route to that network, they'll need the ISA
box's internal interface on their network set as the default gateway,
otherwise you'll have to set a persistent route on the clients that you
want to access the Intranet network via ISA (IOW, if those clients don't
have ISA as the default gateway, you'd have to route 192.168.0.0 mask
255.255.255.0 to the internal interface of ISA).

t

> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Paul Laudenslager
> Sent: Saturday, February 23, 2008 11:33 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] adding a second internal network
> 
> Hi Everyone,
> 
> This ought to be simple for you gurus... It seems the more I learn, the more
> I realize how much I don't know. :)
> 
> Current configuration
> 
>       ISA2K6
>       (1) NIC for External Network
>       (1) Internal Network    IP: 172.16.88.x - 172.16.91.x  Mask: 255.255.252.0
> 
> I created all the rules and everything is working great for the Internal
> Network at this point. (web, smtp, dns, etc)
> 
> I was then tasked to add another, yet separate network.  IP: 192.168.0.x
> Mask: 255.255.255.0
> 
> Added another NIC, assigned it the 192.168.0.1 address.  I can ping the
> network fine from ISA.
> 
> I went into ISA and added another network called "IntraNet".  I created the
> access rules for this new network the same way I created them for the
> Internal Network above.
> 
> However, I can't get the traffic coming from the IntraNet clients to get out
> of their own network.
> 
> For example, I'm trying to do a NSLOOKUP from an IntraNet server and
> receive...
> 
>       Client IP: 192.168.0.5
>       Destination IP: 12.127.16.67
>       Destination Port: 53
>       Protocol: DNS
>       Action: Denied Connection
>       Result Code: 0xc0040012 FWX_E_NETWORK_RULES_DENIED
>       Source Network: IntraNet
>       Destination Network: External
> 
> My first impression is that it's a routing issue and that I would need to
> add a 'route' command to this machine.
> 
> However, since it is currently a production server, I thought I'd ask before
> I made any modifications.
> 
> Thanks in advance for your time and comments.
> 
> -Paul L.
> 
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
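
The network-rule check behind the FWX_E_NETWORK_RULES_DENIED entry in the quoted log, as a simplified Python model added here for illustration (not code from the thread and not ISA's own logic). The rule sets are constructed, including the assumed existing Internal-to-External NAT rule; the model covers only the network-rule step between two different networks, not access rules.

```python
import ipaddress

# Address ranges from the thread; anything else counts as External.
NETWORKS = {
    "Internal": ipaddress.ip_network("172.16.88.0/22"),  # mask 255.255.252.0
    "IntraNet": ipaddress.ip_network("192.168.0.0/24"),  # mask 255.255.255.0
}
DENIED = "FWX_E_NETWORK_RULES_DENIED"

def network_of(ip):
    """Return the name of the network that owns this address."""
    addr = ipaddress.ip_address(ip)
    for name, net in NETWORKS.items():
        if addr in net:
            return name
    return "External"

def check_network_rules(rules, src_ip, dst_ip):
    """Return 'route' or 'nat' if a network rule covers src -> dst, else DENIED.

    rules holds (source_network, destination_network, relationship) tuples.
    A route relationship works in both directions; NAT only source -> destination.
    """
    src, dst = network_of(src_ip), network_of(dst_ip)
    for rule_src, rule_dst, kind in rules:
        if (rule_src, rule_dst) == (src, dst):
            return kind
        if kind == "route" and (rule_src, rule_dst) == (dst, src):
            return kind
    return DENIED

# Constructed rule sets. The Internal -> External NAT rule is an assumption
# about the existing, working configuration.
EXISTING = [("Internal", "External", "nat")]
NAT_WRONG_WAY = EXISTING + [("External", "IntraNet", "nat")]
NAT_RIGHT_WAY = EXISTING + [("IntraNet", "External", "nat")]
ROUTED = EXISTING + [("IntraNet", "External", "route")]

if __name__ == "__main__":
    # The denied connection from the log: 192.168.0.5 -> 12.127.16.67 (DNS).
    for label, rules in [("existing", EXISTING), ("NAT wrong way", NAT_WRONG_WAY),
                         ("NAT right way", NAT_RIGHT_WAY), ("route", ROUTED)]:
        print(f"{label:14} {check_network_rules(rules, '192.168.0.5', '12.127.16.67')}")
```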
