RE: how to manage using ISA behind a leased line

  • From: Gerard Dumazet <gdumazet@xxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 2 Jan 2002 12:09:05 +0100

sorry for my english. i read carefully your reply and just realised my
question was not clear

i have only one ISA in site A - no exchange server
2 subnets and one domain with a pdc in site B and a bdc in site A

site A 192.168.2.0      bdc2000 + ISA   internal NIC 192.168.2.0
gateway : none
                                                        external NIC
192.168.3.2     gateway 192.168.3.1 adsl router

in site A all clients securenat clients         internet fine   smtp/pop
fine for outlook express
all clients can share with site B having settled static and permanent routes
to site B having 192.168.2.1 as gateway

site B 192.168.1.0      pdc2000 AD              NIC     192.168.1.2

no ISA, no EXCHANGE

how to configure any client of site B to be able to be a securenat client
for iSA on site A

and

to access shared ressources in site A

pointing the default gateway on site B's router doen not help



         


-----Message d'origine-----
De : Gallop, George [mailto:George.Gallop@xxxxxxxxxx]
Envoye : mardi 1 janvier 2002 23:27
A : [ISAserver.org Discussion List]
Objet : [isalist] RE: how to manage using ISA behind a leased line


http://www.ISAserver.org


Happy New Year.

I am struggling with understanding your English, sorry.
 
I am no guru, but possibly if I explain what I understood of the problem
we can try and all help?  I have a suggested solution below, so if
anyone wants to comment further...

Site A: 192.168.2.x 
Site B: 192.168.1.x

Both Sites connect through a leased line:
Router is 192.168.2.1 for site A 
and 192.168.1.1 Site B

DC / possibly Exchange Server in each site and also ISA Server (?): 

Site A 192.168.2.2
Site B 192.168.1.2 (?)


I think for clients to access the DC's in each site, you need to do the
following:

1. Set the Default gateway on the secure NAT clients to the ISA server
in the site.
2. On the ISA Server in each site set a static route something like
(depending on your subnet mask):

Site B's ISA Server:
route add -p 192.168.2.0 mask 255.255.255.0 192.168.1.1 metric

Site A's ISA Server:
route add -p 192.168.1.0 mask 255.255.255.0 192.168.2.1 metric

3. In the LAT for the ISA Server ensure the remote network 192.168.x.x
is there.

Lastly, I am not sure but would the clients using SNAT also need a
static route to the remote network, anyone?

Kind regards, George


-----Original Message-----
From: dumazet [mailto:gdumazet@xxxxxxxxxxx] 
Sent: Wednesday, 2 January 2002 4:39 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] how to manage using ISA behind a leased line

http://www.ISAserver.org


fist of all happy new year to everyone especially to those who are
managing this helpful list

i already asked one week ago such a question but did'nt succeeded to
have
the right answer, so i formulate again my problem

it is a small company with 6 boxes center of paris (site A 192.168.2.0)
and another office with 10 boxes (site B 192.168.1.0)

both offices are connected through a leased line with cisco routers 800
having adresses 192.168.2.1 for site A and 192.168.1.1 for site B

a win 2K cpd with ad is in site B and another in site A 192.168.2.2

each box in each site has to connect to shared applications ou folders
in
one or the other site. until now everything was working fine

to give access for users to internet and be able to use outlook express
for internet mail we just installed ISA on the csd of site A :
192.168.2.2
waiting for better time to use another independant server
we are using a bewan router on adsl line ok

everything working fine for site A with securenat clients (http, smtp,
pop3)even able to use shared folders on site B using add -p routes to
site
B

but we dont't know what to do for site B

on the internal NIC of ISA 192.168.2.2 we can't include a gateway on the
router of site A 192.168.2.1 , accordingly the boxes of site B can't
connect to the shared folders or applis running on ISA box.

all boxes of site B have the router of site B as gateway 192.168.1.1 but
this does not help to be securenat clients for ISA on site A

applis don't work anymore and internet is useless

i am sure for most of you this routing problem should be quite easy to
solve and i just see on message also on this list nearby mine but noone
gave idea and this is why i ask again

thanks for any idea


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
george.gallop@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gdumazet@xxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts: