dropped undefined traffic via static route with ISA 2004

  • From: "harald" <harald.wolf@xxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Sun, 7 Nov 2004 13:02:05 -0700

Hello!

I have installed the ISA Server 2004 as a back-firewall. Behind the
internal subnet (192.168.x.x/16) there is a second subnet (172.16.x.x/16)
connected by a router.

Because of these two subnets a static route is needed at the ISA-Server to
direct the traffic from the first subnet (192.168.x.x/16) to the second
subnet (172.16.x.x/16).

I don't want the ISA-2004 to inspect the traffic over this static route -
only the traffic from internal to external and vice versa - but not from 
internal to internal, where the static route is defined. So I defined a
rule "any/any" from the first to the second subnet.

Now the problem:
"any/any" only affects the defined protocols. Packets using undefined 
protocols without a protocol definition are dropped by the ISA-Server even
if there is this "any/any" rule.

How can I get the ISA server not to inspect or regulate the traffic
over the static route at all?

Because of the simple LAT there was no problem with ISA 2000. Since ISA
2004 can manage multiple networks ... how can I prevent the ISA 2004 from
managing the traffic inside all internal networks never crossing the ISA to
the external?


Thanks in advance.

Harald

