No problem - glad it's working. Yes, you can configure caching under Configuration -> Cache and add sites/IP's to the Non Cacheable External Sites or Non Cacheable Published Sites objects for that with the appropriate rules. t From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Fereydoon Tahmooressi Sent: Friday, March 07, 2008 7:16 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: routing with ISA Thank you Thor, All I had to do was to add the route with -P option, it is working. One more question regarding caching on ISA server. Can I have just one server or IP address not to cache on ISA? ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) Sent: Thursday, March 06, 2008 2:58 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: routing with ISA OK -looking at the diagram, things got a bit more complicated, but I'll make some assumptions (like you've got point-to-point Cisco's providing VPN connectivity between sites and that the 172 networks are simply the end-point serial interfaces, etc). I'll further assume that the remote sites have a "route 0.0.0.0 0.0.0.0 routerIPhere" route for outbound (which helps in this case). The diagram doesn't illustrate whether the remote sites can hit the other remote sites, or how this is accomplished, but I'll assume the existing routing structure handles that. In this case, since the 10.10.16 clients use the ISA box as their default gateway, you'll have to tell ISA how to get to the remote sites. For instance, let's look at the "Maintenance" block at 10.10.15.x/24. Assuming the above, you would need to put a static route in ISA pointing to the Ethernet interface IP on the router supporting the 172.16.1.1 - 172.16.1.2 link -- but the diagram doesn't say what that is so for illustration, let's say it is 10.10.16.254. You would do the following at the ISA box. ROUTE -p ADD 10.10.15.0 MASK 255.255.255.0 10.10.16.254 Again, this assumes that the router on the other side of the 10.10.15.0 already knows how to get back to the 10.10.16.0 network. If not, you'll have to tell that router the opposite otherwise the packets will get there, but will not know how to get back, much like dropping off Greg M off at the mall. t From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Fereydoon Tahmooressi Sent: Thursday, March 06, 2008 11:45 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: routing with ISA Here is how my internal IP addresses are setup. IP ranges are 10.10.16.1 to 255 Subnet mask is 255.255.252.0 Default gateway which is my internal ISA NIC 10.10.16.6 Also tell me more about adding the routs using route -p add command, can I added all these ranges using this command? How? I am adding the network diagram for the phone system which phone vendor gave us. ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) Sent: Thursday, March 06, 2008 1:29 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: routing with ISA What is the subnet mask for the internal network? You say 10.10.16. 0 - 255, so I'll assume 255.255.255.0 -- which means that the .15 and .14 network destinations will be on a different network... Are the .15 and .14 networks different physical networks behind a router? If so, and if your clients have ISA as the default gateway, you'll have to add a persistent route on the ISA box so that it knows the gateway of last resort used to reach the .15 and .14 networks by using the ROUTE -p ADD destination mask gateway command. t From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Fereydoon Tahmooressi Sent: Thursday, March 06, 2008 11:21 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: routing with ISA They are all internal. No DMZ or internet. All the POE switches will be inside my network. I have 10.10.16.0 to 255. they will have 10.10.15.0 to --- and 10.10.14.0. I did put these ranges in the ISA, but can't ping any of them. Some how I need to tell ISA to route them. ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) Sent: Thursday, March 06, 2008 1:09 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: routing with ISA There's more to just giving step-by-step... Is the phone system on the internal network with your other machines? Is it in a dmz-segment of some kind? What machines need to be able to connect to the system, and where are they? If you have external machines (i.e. on the Internet) then you'll have to Server Publish to the port(s) necessary as they are RFC 1918 addresses. If you have "internal" machines that need to hit the system and it is in a DMZ segment, you'll have to properly configure the appropriate Network and Network Relationship and ensure that the clients either use the ISA box as the default gateway or that you add persistent routes to them and that you have the appropriate access rule(s) in place. Let us know who needs to talk to what, from where and to where, and what services (protocols and ports) are needed, etc. t From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Fereydoon Tahmooressi Sent: Thursday, March 06, 2008 10:56 AM To: ISA Subject: [isalist] routing with ISA Hi, I have ISA 2004 on Windows 2003. I am adding a new IP phone system and need to add several different range of IPs, like 10.10.11.0 to 255, and 198.162,x.xto... I have added these ranges to my ISA as internal addresses, but did not know if I need to set a rule or policy as well. I can not ping these IPs, what do I need to do? I am a little rusty as how to set up rules, etc...so please be very detailed and provide step by step instruction if possible. Thank you very much.