[isapros] Re: [isalist] ISA Server 2006 - Perimeter <-> Internal Intradomain Communication

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>, <isapros@xxxxxxxxxxxxx>
  • Date: Fri, 22 Aug 2008 07:49:51 -0500

Hi Jerry,

Make sure that all networks have ROUTE relationships -- no NAT
relationships in this scenario.

 

HTH,

Tom

 

Thomas W. Shinder, M.D., MCSE  ||  Sr. Consultant / Technical Writer

shinder@xxxxxxxxxxxxxxxxxxxxx  ||  www.prowessconsulting.com

Mobile: Pending  ||  Phone: Pending  ||  Fax (206) 443.1119

Blog: http://blogs.isaserver.org/shinder  ||  Books:
http://tinyurl.com/2gpoo8 

 

PROWESS CONSULTING  ||  documentation  ||  integration  ||
virtualization

 

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jerry Young
Sent: Friday, August 22, 2008 7:13 AM
To: isalist@xxxxxxxxxxxxx; isapros@xxxxxxxxxxxxx
Subject: [isalist] ISA Server 2006 - Perimeter <-> Internal Intradomain
Communication

 

All,

 

I'm trying to enable intradomain communication between the perimeter and
internal networks in my virtual environment.

 

The basic topology of the environment looks like the following:

 

     Corporate Network (treating as ISA external)
                   |
              .---------.
              |   ISA   | --- Perimeter Network (treating as ISA perimeter)
              '---------'
                   |
     Internal Network (treating as ISA internal)


 

The Corporate Network is the corporate internal network, which I am
using to simulate the "Internet".

 

I followed the documented procedures at the following link (thanks
again, Tom!) to facilitate this communication.

 

http://www.isaserver.org/tutorials/Configuring-Domain-Members-Back-to-Back-ISA-Firewall-DMZ-Part2.html#

 

However, the server that I have in the perimeter network is not able to
query the DC for DNS that I have in the internal network.  Below are the
log entries and by the look of it, this appears to be a network rule
issue as opposed to a firewall rule issue.

 

10.3.0.40    -  UDP - -      -    8/22/2008 11:53:05 AM 1031 0 0 0 0x0 0x0 - 8/22/2008 7:53:05 AM 10.3.0.40 10.2.0.20 53 DNS Denied Connection 0xc0040012 FWX_E_NETWORK_RULES_DENIED   Perimeter Internal - HVW2K3ISA01 Firewall
10.3.0.40    -  UDP - -      -    8/22/2008 11:53:07 AM 1032 0 0 0 0x0 0x0 - 8/22/2008 7:53:07 AM 10.3.0.40 10.2.0.20 53 DNS Denied Connection 0xc0040012 FWX_E_NETWORK_RULES_DENIED   Perimeter Internal - HVW2K3ISA01 Firewall
 

The Internal Network Element in ISA has the range 10.2.0.0 - 10.2.0.255
defined.  The Perimeter Network Element in ISA has the range 10.3.0.0 -
10.3.0.255 defined.

 

The Network Rule is listed as rule 4, has a routing relationship between
the source network Perimeter and the destination network Internal.

 

Any thoughts on what I am missing?
-- 
Cordially yours,
Jerry G. Young II
Microsoft Certified Systems Engineer 
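
The following Python example is added here and is not from either poster or from ISA Server itself. It groups the denied entries quoted in the thread by network pair and result name, and cross-checks the source and destination networks the firewall logged against the address ranges given for the Internal and Perimeter network elements. The field layout in the regular expression, single-word network names, and the label "External" for any address outside the defined ranges are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Network elements as stated in the post (first and last address).
NETWORKS = {
    "Internal": ("10.2.0.0", "10.2.0.255"),
    "Perimeter": ("10.3.0.0", "10.3.0.255"),
}

# The two log entries from the post, one per line, whitespace collapsed.
LOG = """\
10.3.0.40 - UDP - - - 8/22/2008 11:53:05 AM 1031 0 0 0 0x0 0x0 - 8/22/2008 7:53:05 AM 10.3.0.40 10.2.0.20 53 DNS Denied Connection 0xc0040012 FWX_E_NETWORK_RULES_DENIED Perimeter Internal - HVW2K3ISA01 Firewall
10.3.0.40 - UDP - - - 8/22/2008 11:53:07 AM 1032 0 0 0 0x0 0x0 - 8/22/2008 7:53:07 AM 10.3.0.40 10.2.0.20 53 DNS Denied Connection 0xc0040012 FWX_E_NETWORK_RULES_DENIED Perimeter Internal - HVW2K3ISA01 Firewall
"""

# Assumed layout: src dst port protocol "Denied Connection" code name src-net dst-net
ENTRY = re.compile(
    r"(?P<src>\d+(?:\.\d+){3})\s+(?P<dst>\d+(?:\.\d+){3})\s+(?P<port>\d+)\s+"
    r"(?P<proto>\S+)\s+Denied Connection\s+(?P<code>0x[0-9a-fA-F]+)\s+"
    r"(?P<result>FWX_\w+)\s+(?P<src_net>\S+)\s+(?P<dst_net>\S+)"
)

def network_of(addr):
    """Name of the defined network element that contains addr."""
    ip = ipaddress.ip_address(addr)
    for name, (first, last) in NETWORKS.items():
        if ipaddress.ip_address(first) <= ip <= ipaddress.ip_address(last):
            return name
    return "External"  # assumption: everything outside the defined ranges

def triage(log_text):
    """Count denials per (network pair, port, protocol, result) and list
    entries whose logged networks disagree with the defined ranges."""
    summary, mismatches = Counter(), []
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # not a denied-connection entry in the assumed layout
        logged = (m["src_net"], m["dst_net"])
        computed = (network_of(m["src"]), network_of(m["dst"]))
        if logged != computed:
            mismatches.append((m["src"], m["dst"], logged, computed))
        summary[(logged, int(m["port"]), m["proto"], m["result"])] += 1
    return summary, mismatches

if __name__ == "__main__":
    counts, bad = triage(LOG)
    for key, n in counts.items():
        print(n, key)
    print("range mismatches:", bad)
```

An empty mismatch list means the firewall classified both hosts into the networks their addresses belong to, so the address ranges are not the problem and attention stays on the rule covering that network pair.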
