http://www.ISAserver.org ------------------------------------------------------- Thank you, O Great Thor! -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) Sent: Saturday, February 23, 2008 4:17 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: adding a second internal network http://www.ISAserver.org ------------------------------------------------------- We live but to server. t > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > bounce@xxxxxxxxxxxxx] On Behalf Of Paul Laudenslager > Sent: Saturday, February 23, 2008 1:11 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: adding a second internal network > > http://www.ISAserver.org > ------------------------------------------------------- > > Thanks Thor and Jim... Replying on Saturday...wow, and I thought I > didn't > have a life. :) > > I went into ISA and clicked Configuration/Networks/Network Rules and > added > > IntraNet > > To the Local Network Rule "Internet Access". Done deal. > > I can't say how many times you've guys, and the list, and been there > and > helped me out over the years. > > Thank you so much! Have a wonderful weekend! > > Your friend in Virginia, > Paul L. > > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > bounce@xxxxxxxxxxxxx] On > Behalf Of Thor (Hammer of God) > Sent: Saturday, February 23, 2008 2:51 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: adding a second internal network > > http://www.ISAserver.org > ------------------------------------------------------- > > Make sure that you've got a "route" relationship for the new network - > or at least NAT being the right direction... you probably want "route" > though... > > Also, for the clients to route to that network, they'll need the ISA > box's internal interface on their network set as the default gateway, > otherwise you'll have to set a persistent route on the clients that you > want to access the Intranet network via ISA (IOW, if those clients > don't > have ISA as the default gateway, you'd have to route 192.168.0.0 mask > 255.255.255.0 to the internal interface of ISA). > > t > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > > bounce@xxxxxxxxxxxxx] On Behalf Of Paul Laudenslager > > Sent: Saturday, February 23, 2008 11:33 AM > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] adding a second internal network > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > Hi Everyone, > > > > This ought to be simple for you gurus... It seems the more I learn, > the > > more > > I realize how much I don't know. :) > > > > Current configuration > > > > ISA2K6 > > (1) NIC for External Network > > (1) Internal Network IP: 172.16.88.x - 172.16.91.x Mask: > > 255.255.252.0 > > > > I created all the rules and everything is working great for the > > Internal > > Network at this point. (web, smtp, dns, etc) > > > > I was then tasked to add another, yet separate network. IP: > > 192.168.0.x > > Mask: 255.255.255.0 > > > > Added another NIC, assigned it the 192.168.0.1 address. I can ping > the > > network fine from ISA. > > > > I went into ISA and added another network called "IntraNet". I > created > > the > > access rules for this new network the same way I created them for the > > Internal Network above. > > > > However, I can't get the traffic coming from the IntraNet clients to > > get out > > of their own network. > > > > For example, I'm trying to do a NSLOOKUP from an IntraNet server and > > receive... > > > > Client IP: 192.168.0.5 > > Destination IP: 12.127.16.67 > > Destination Port: 53 > > Protocol: DNS > > Action: Denied Connection > > Result Code: 0xc0040012 FWX_E_NETWORK_RULES_DENIED > > Source Network: IntraNet > > Destination Network: External > > > > My first impression is that it's a routing issue and that I would > need > > to > > create add a 'route' command to this machine. > > > > However, since it is currently a production server, I thought I'd ask > > before > > I made any modifications. > > > > Thanks in advance for your time and comments. > > > > -Paul L. > > > > > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx