RE: dropped undefined traffic via static route with ISA 2004

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 7 Nov 2004 13:53:24 -0800

First, if you have a router that can pass traffic between the two subnets, why 
are you involving ISA at all?

IIUC, you have a configuration as thus:

          ISA
           |
           |-------- Router
           |               |
        192.168/16      172.16/16

..and you want ISA to route traffic between 192.168/16 and 172.16/16 but you 
don't want it filtered?

Two options:
1. Use the router as the default route for all hosts in each subnet and 
configure the router to use the ISA internal IP as the default route.
2. Configure manual routes on the ISA-local subnet hosts for the 172.16/16 
subnet.

Either way, quit trying to use ISA as your network router unless you're willing 
to physically insert ISA into the path.

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 
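To make the difference between the three designs concrete, here is a small routing model (an added example, not code from either poster or from ISA Server): each node holds a forwarding table, lookups use longest-prefix match, and `trace` follows next hops from a 192.168/16 host to a 172.16/16 host and to an outside address. The specific addresses (ISA internal 192.168.0.1 and external 203.0.113.2, router 192.168.0.254 and 172.16.0.254, upstream gateway 203.0.113.1, hosts .1.10 in each subnet, outside host 198.51.100.7) are constructed assumptions; the thread only gives the two /16 prefixes. The model covers routing only, not ISA's policy engine; the point it shows is that ISA can drop undefined-protocol traffic between the two internal subnets only when it is on the forwarding path, which is the case in the configuration as posted and in neither of Jim's two options.

```python
"""Which path does a packet take between the two internal subnets, and is ISA on it?"""
import ipaddress


class Node:
    """A host, router or firewall: its own addresses plus a routing table."""

    def __init__(self, name, addresses, routes):
        self.name = name
        self.addresses = {ipaddress.ip_address(a) for a in addresses}
        # (prefix, next_hop); next_hop None means the prefix is directly connected
        self.routes = [
            (ipaddress.ip_network(p), None if nh is None else ipaddress.ip_address(nh))
            for p, nh in routes
        ]

    def lookup(self, dst):
        """Longest-prefix match, the way a real forwarding table chooses a route."""
        best = None
        for prefix, nh in self.routes:
            if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
                best = (prefix, nh)
        return best


def trace(nodes, src_name, dst, max_hops=8):
    """Follow next hops from src to dst; returns the node names traversed."""
    dst = ipaddress.ip_address(dst)
    by_ip = {a: n for n in nodes.values() for a in n.addresses}
    node = nodes[src_name]
    path = [src_name]
    for _ in range(max_hops):
        if dst in node.addresses:
            return path
        route = node.lookup(dst)
        if route is None:
            return path + ["DROP: no route"]
        prefix, nh = route
        if nh is None:  # directly connected: deliver to whoever owns dst
            owner = by_ip.get(dst)
            return path + [owner.name if owner else f"{dst} via {prefix}"]
        nxt = by_ip.get(nh)
        if nxt is None:
            return path + [f"DROP: next hop {nh} unreachable"]
        path.append(nxt.name)
        node = nxt
    return path + ["DROP: hop limit"]


def build(host_a_routes):
    """Topology from the thread with constructed addresses; only hostA's table varies."""
    return {
        "hostA": Node("hostA", ["192.168.1.10"], host_a_routes),
        "isa": Node("isa", ["192.168.0.1", "203.0.113.2"], [
            ("192.168.0.0/16", None), ("203.0.113.0/24", None),
            ("172.16.0.0/16", "192.168.0.254"),   # the static route Harald added on ISA
            ("0.0.0.0/0", "203.0.113.1"),
        ]),
        "router": Node("router", ["192.168.0.254", "172.16.0.254"], [
            ("192.168.0.0/16", None), ("172.16.0.0/16", None),
            ("0.0.0.0/0", "192.168.0.1"),         # router defaults to ISA (Jim's option 1)
        ]),
        "hostB": Node("hostB", ["172.16.1.10"], [
            ("172.16.0.0/16", None), ("0.0.0.0/0", "172.16.0.254"),
        ]),
        "upstream": Node("upstream", ["203.0.113.1"], [("0.0.0.0/0", None)]),
    }


SCENARIOS = {
    # Harald's setup: hosts default to ISA, so internal-to-internal traffic hairpins through it
    "as_posted": [("192.168.0.0/16", None), ("0.0.0.0/0", "192.168.0.1")],
    # Jim's option 1: hosts default to the router, which defaults to ISA
    "option_1": [("192.168.0.0/16", None), ("0.0.0.0/0", "192.168.0.254")],
    # Jim's option 2: hosts keep ISA as default but get a manual route for 172.16/16
    "option_2": [("192.168.0.0/16", None), ("172.16.0.0/16", "192.168.0.254"),
                 ("0.0.0.0/0", "192.168.0.1")],
}


def isa_on_path(path):
    return "isa" in path


if __name__ == "__main__":
    for name, routes in SCENARIOS.items():
        nodes = build(routes)
        internal = trace(nodes, "hostA", "172.16.1.10")
        outside = trace(nodes, "hostA", "198.51.100.7")
        print(f"{name:10} to 172.16: {' -> '.join(internal)}  [ISA filters: {isa_on_path(internal)}]")
        print(f"{'':10} to outside: {' -> '.join(outside)}")
```

Running it prints one line per scenario; only `as_posted` routes the internal-to-internal flow through `isa`, while all three still send outside-bound traffic through it. In option 2 the manual route must exist on every 192.168/16 host (or be pushed by DHCP), otherwise that host's traffic falls back to the default gateway and is filtered again.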

-----Original Message-----
From: harald [mailto:harald.wolf@xxxxxx] 
Sent: Sunday, November 07, 2004 12:02
To: [ISAserver.org Discussion List]
Subject: [isalist] dropped undefined traffic via static route with ISA 2004

Hello!

I have installed the ISA Server 2004 as a back-firewall. Behind the
internal subnet (192.168.x.x/16) there is a second subnet (172.16.x.x/16)
connected by a router.

Because of these two subnets a static route is needed at the ISA-Server to
direct the traffic from the first subnet (192.168.x.x/16) to the second
subnet (172.16.x.x/16).

I don't want the ISA-2004 to inspect the traffic over this static route -
only the traffic from internal to external and vice versa - but not from 
internal to internal, where the static route is defined. So I defined a
rule "any/any" from the first to the second subnet.

Now the problem:
"any/any" only affects the defined protocols. Packets using undefined 
protocols without a protocol definition are dropped by the ISA-Server even
if there is this "any/any" rule.

How can I get the ISA server not to inspect or regulate the traffic
over the static route at all?

Because of the simple LAT there was no problem with ISA 2000. Since ISA
2004 can manage multiple networks ... how can I prevent ISA 2004 from
managing the traffic inside all internal networks that never crosses the ISA to
the external?


Thanks in advance.

Harald
