RE: routing with isa 2004

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 22 Dec 2004 15:39:39 -0600

Hi Joseph,

Internal to External is typically NAT, since the internal clients are
going to have private addresses.

Remember, the default External Network includes all addresses that the ISA
firewall doesn't have a definition for.

For example, suppose you have a back to back ISA firewall config. The
DMZ in front of the back-end ISA firewall is on network ID 10.10.10.0/24
and the Internal Network behind the back-end ISA firewall is
192.168.0.0/16.

You can create a route relationship between the default Internal Network
and the DMZ, and a NAT relationship between the default Internal Network
and the default External Network. Communications sourcing from the
default Internal Network behind the back-end ISA firewall to a host on
the DMZ will be Routed, while communications from hosts on the default
Internal Network behind the back-end ISA firewall to the Internet will
be NAT'd. 

For any two Networks that the ISA firewall has a Network configured, it
can create either a NAT or Route relationship.

You can even publish servers when there is a Route relationship between
the source and destination Networks. Check out my article on
www.isaserver.org about publishing resources on a public address DMZ for
more info on what to watch out for in this scenario.

HTH, 


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
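
Added example (not part of the original message and not ISA Server's own code): a small Python model of the lookup described above, using the two Network definitions and two network rules from the back-to-back example. The function names and sample host addresses are constructed for illustration, and the bidirectional handling of Route rules is a modelling assumption.

```python
import ipaddress

# Network definitions on the back-end ISA firewall (address ranges from the message).
NETWORKS = {
    "Internal": ipaddress.ip_network("192.168.0.0/16"),
    "DMZ": ipaddress.ip_network("10.10.10.0/24"),
}

# Network rules from the message: (source Network, destination Network) -> relationship.
NETWORK_RULES = {
    ("Internal", "DMZ"): "Route",
    ("Internal", "External"): "NAT",
}


def network_of(addr):
    """Map an address to its Network; anything without a definition is External."""
    ip = ipaddress.ip_address(addr)
    for name, net in NETWORKS.items():
        if ip in net:
            return name
    return "External"


def relationship(src, dst):
    """Return (source Network, destination Network, relationship or None)."""
    s, d = network_of(src), network_of(dst)
    if s == d:
        return (s, d, "same Network")  # traffic does not cross a Network boundary
    rule = NETWORK_RULES.get((s, d))
    # Assumption in this model: a Route rule applies in both directions,
    # while a NAT rule applies only from its source to its destination.
    if rule is None and NETWORK_RULES.get((d, s)) == "Route":
        rule = "Route"
    return (s, d, rule)


if __name__ == "__main__":
    # Constructed sample hosts; 203.0.113.7 is a documentation address.
    samples = [
        ("192.168.5.10", "10.10.10.25"),   # Internal -> DMZ
        ("192.168.5.10", "203.0.113.7"),   # Internal -> Internet
        ("192.168.5.10", "172.16.16.20"),  # private range with no definition
        ("203.0.113.7", "192.168.5.10"),   # Internet -> Internal
    ]
    for src, dst in samples:
        print(src, "->", dst, relationship(src, dst))
```

The third sample shows the point about the default External Network: a private range with no Network definition is treated as External, so traffic to it from Internal is NAT'd.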


-----Original Message-----
From: josephk [mailto:josephk@xxxxxxxxx] 
Sent: Wednesday, December 22, 2004 2:55 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: routing with isa 2004

http://www.ISAserver.org

Hi Jim,

You're saying that:

Internal >>Route>> External
External >>Nat>> Internal 

Or Internal >>Route>> External
   External >>Route>> Internal

Thank you,
Joseph


-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Wednesday, December 22, 2004 11:33 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: routing with isa 2004

Yes, you can.
Remember that ISA can't route packets between networks unless it's the
default route for both sides of the conversation.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!
 
 

-----Original Message-----
From: James [mailto:jmay@xxxxxxxxxx] 
Sent: Wednesday, December 22, 2004 8:00 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] routing with isa 2004

Hi
I'm running ISA 2004 currently as a gateway to the internet with a few
published servers. We just got a new Canon copier with some other
networkable goodies.
My LAN IP address = 172.16.16.0/24. I have a consultant on his own little
workgroup running 192.168.1.0/24. Can I add another NIC to my ISA 2004
server and route packets from the 192.168.1.x network to the printer on
the 172.16.16.x? Also, can the network 192.168.1.x access the internet
through ISA 2004 server?

Thanks Jim 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.

