[isalist] Re: adding a second internal network
- From: "Paul Laudenslager" <paul@xxxxxxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Sat, 23 Feb 2008 16:41:21 -0500
http://www.ISAserver.org
-------------------------------------------------------
Thank you, O Great Thor!
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Thor (Hammer of God)
Sent: Saturday, February 23, 2008 4:17 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: adding a second internal network
http://www.ISAserver.org
-------------------------------------------------------
We live but to server.
t
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> bounce@xxxxxxxxxxxxx] On Behalf Of Paul Laudenslager
> Sent: Saturday, February 23, 2008 1:11 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: adding a second internal network
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> Thanks Thor and Jim... Replying on Saturday...wow, and I thought I
> didn't
> have a life. :)
>
> I went into ISA and clicked Configuration/Networks/Network Rules and
> added
>
> IntraNet
>
> To the Local Network Rule "Internet Access". Done deal.
>
> I can't say how many times you've guys, and the list, and been there
> and
> helped me out over the years.
>
> Thank you so much! Have a wonderful weekend!
>
> Your friend in Virginia,
> Paul L.
>
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> bounce@xxxxxxxxxxxxx] On
> Behalf Of Thor (Hammer of God)
> Sent: Saturday, February 23, 2008 2:51 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: adding a second internal network
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> Make sure that you've got a "route" relationship for the new network -
> or at least NAT being the right direction... you probably want "route"
> though...
>
> Also, for the clients to route to that network, they'll need the ISA
> box's internal interface on their network set as the default gateway,
> otherwise you'll have to set a persistent route on the clients that
you
> want to access the Intranet network via ISA (IOW, if those clients
> don't
> have ISA as the default gateway, you'd have to route 192.168.0.0 mask
> 255.255.255.0 to the internal interface of ISA).
>
> t
>
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-
> > bounce@xxxxxxxxxxxxx] On Behalf Of Paul Laudenslager
> > Sent: Saturday, February 23, 2008 11:33 AM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] adding a second internal network
> >
> > http://www.ISAserver.org
> > -------------------------------------------------------
> >
> > Hi Everyone,
> >
> > This ought to be simple for you gurus... It seems the more I learn,
> the
> > more
> > I realize how much I don't know. :)
> >
> > Current configuration
> >
> > ISA2K6
> > (1) NIC for External Network
> > (1) Internal Network IP: 172.16.88.x - 172.16.91.x Mask:
> > 255.255.252.0
> >
> > I created all the rules and everything is working great for the
> > Internal
> > Network at this point. (web, smtp, dns, etc)
> >
> > I was then tasked to add another, yet separate network. IP:
> > 192.168.0.x
> > Mask: 255.255.255.0
> >
> > Added another NIC, assigned it the 192.168.0.1 address. I can ping
> the
> > network fine from ISA.
> >
> > I went into ISA and added another network called "IntraNet". I
> created
> > the
> > access rules for this new network the same way I created them for
the
> > Internal Network above.
> >
> > However, I can't get the traffic coming from the IntraNet clients to
> > get out
> > of their own network.
> >
> > For example, I'm trying to do a NSLOOKUP from an IntraNet server and
> > receive...
> >
> > Client IP: 192.168.0.5
> > Destination IP: 12.127.16.67
> > Destination Port: 53
> > Protocol: DNS
> > Action: Denied Connection
> > Result Code: 0xc0040012 FWX_E_NETWORK_RULES_DENIED
> > Source Network: IntraNet
> > Destination Network: External
> >
> > My first impression is that it's a routing issue and that I would
> need
> > to
> > create add a 'route' command to this machine.
> >
> > However, since it is currently a production server, I thought I'd
ask
> > before
> > I made any modifications.
> >
> > Thanks in advance for your time and comments.
> >
> > -Paul L.
> >
> >
> > ------------------------------------------------------
> > List Archives: //www.freelists.org/archives/isalist/
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server Articles and Tutorials:
> > http://www.isaserver.org/articles_tutorials/
> > ISA Server Blogs: http://blogs.isaserver.org/
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
