[isapros] Re: [isalist] ISA Server 2006 - Perimeter <-> Internal Intradomain Communication

  • From: "Jerry Young" <jerrygyoungii@xxxxxxxxx>
  • To: isapros@xxxxxxxxxxxxx
  • Date: Fri, 22 Aug 2008 09:04:52 -0400

Tom,

The Perimeter Configuration Network Rule that governed traffic between
Internal, Quarantined VPN Clients, VPN Clients and Perimeter had been
specified as a NAT relationship.  Changing that to Route solved the issue.
Note that this was set this way by default - it wasn't something I created.

The only NAT relationships I have are between the Perimeter and External
networks (since the Perimeter is a 10 dot address space my corporate
internal network knows nothing about) and between the Internal, Quarantined
VPN Clients, VPN Clients and External networks.


On 8/22/08, Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote:
>
>  Hi Jerry,
>
> Make sure that all networks have ROUTE relationships -- no NAT
> relationships in this scenario.
>
>
>
> HTH,
>
> Tom
>
>
>
> Thomas W. Shinder, M.D., MCSE  ||  Sr. Consultant / Technical Writer
>
> shinder@xxxxxxxxxxxxxxxxxxxxx  ||  www.prowessconsulting.com
>
> Mobile: Pending  ||  Phone: Pending  ||  Fax (206) 443.1119
>
> Blog: http://blogs.isaserver.org/shinder  ||  Books: http://tinyurl.com/2gpoo8
>
> PROWESS CONSULTING  ||  documentation  ||  integration  ||  virtualization
>
>
>
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Jerry Young
> Sent: Friday, August 22, 2008 7:13 AM
> To: isalist@xxxxxxxxxxxxx; isapros@xxxxxxxxxxxxx
> Subject: [isalist] ISA Server 2006 - Perimeter <-> Internal Intradomain
> Communication
>
>
>
> All,
>
> I'm trying to enable intradomain communication between the perimeter and
> internal networks in my virtual environment.
>
> The basic topology of the environment looks like the following:
>
>      Corporate Network (treating as ISA external)
>                    |
>               .---------.
>               |   ISA   | --- Perimeter Network (treating as ISA perimeter)
>               '---------'
>                    |
>      Internal Network (treating as ISA internal)
>
>
> The Corporate Network is the corporate internal network, which I am using
> to simulate the "Internet".
>
> I followed the documented procedures at the following link (thanks again,
> Tom!) to facilitate this communication.
>
> http://www.isaserver.org/tutorials/Configuring-Domain-Members-Back-to-Back-ISA-Firewall-DMZ-Part2.html
>
> However, the server that I have in the perimeter network is not able to
> query the DC for DNS that I have in the internal network.  Below are the log
> entries and by the look of it, this appears to be a network rule issue as
> opposed to a firewall rule issue.
>
> 10.3.0.40 - UDP - - - 8/22/2008 11:53:05 AM 1031 0 0 0 0x0 0x0 - 8/22/2008 7:53:05 AM 10.3.0.40 10.2.0.20 53 DNS Denied Connection 0xc0040012 FWX_E_NETWORK_RULES_DENIED Perimeter Internal - HVW2K3ISA01 Firewall
> 10.3.0.40 - UDP - - - 8/22/2008 11:53:07 AM 1032 0 0 0 0x0 0x0 - 8/22/2008 7:53:07 AM 10.3.0.40 10.2.0.20 53 DNS Denied Connection 0xc0040012 FWX_E_NETWORK_RULES_DENIED Perimeter Internal - HVW2K3ISA01 Firewall
>
> The Internal Network Element in ISA has the range 10.2.0.0 - 10.2.0.255
> defined.  The Perimeter Network Element in ISA has the range
> 10.3.0.0 - 10.3.0.255 defined.
>
> The Network Rule is listed as rule 4 and has a routing relationship between
> the source network Perimeter and the destination network Internal.
>
> Any thoughts on what I am missing?
> --
> Cordially yours,
> Jerry G. Young II
> Microsoft Certified Systems Engineer
>



-- 
Cordially yours,
Jerry G. Young II
Microsoft Certified Systems Engineer
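The following is an added illustration for this thread, not ISA Server code and not an export of Jerry's or Tom's configuration. It is a simplified Python model of how ISA network rules are applied (an assumption for illustration: rules are checked in order, the first rule whose network pair matches wins, a Route relationship works in both directions, and a NAT relationship only permits connections initiated from its source networks, with the reverse direction reported as FWX_E_NETWORK_RULES_DENIED, the result code in the log above). The network ranges and the "Perimeter Configuration" rule come from the thread; the other rule names, their order, and the treatment of External as the catch-all network are constructed.

```python
"""Simplified model of ISA Server 2006 network-rule evaluation (added example).

Assumed model: first matching rule wins; Route is bidirectional; NAT only
allows connections initiated from the rule's source networks, and the reverse
direction is reported as FWX_E_NETWORK_RULES_DENIED. Rule names other than
"Perimeter Configuration" and the rule order are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass, replace

# Network elements with the ranges given in the thread. Anything outside a
# defined network is treated as External (constructed assumption).
NETWORKS = {
    "Internal": ipaddress.ip_network("10.2.0.0/24"),
    "Perimeter": ipaddress.ip_network("10.3.0.0/24"),
}

DENIED = "FWX_E_NETWORK_RULES_DENIED"


def network_of(ip: str) -> str:
    """Map an IP address to the ISA network element that contains it."""
    addr = ipaddress.ip_address(ip)
    for name, net in NETWORKS.items():
        if addr in net:
            return name
    return "External"


@dataclass(frozen=True)
class NetworkRule:
    name: str
    sources: frozenset
    destinations: frozenset
    relationship: str  # "Route" or "NAT"


VPN = {"Quarantined VPN Clients", "VPN Clients"}

# Constructed rule set modelled on the thread: the default "Perimeter
# Configuration" rule is NAT, Perimeter and Internal (+VPN) are NATed to
# External, and rule 4 routes Perimeter to Internal.
RULES_BEFORE = (
    NetworkRule("Perimeter Configuration", frozenset({"Internal"} | VPN),
                frozenset({"Perimeter"}), "NAT"),
    NetworkRule("Perimeter to External", frozenset({"Perimeter"}),
                frozenset({"External"}), "NAT"),
    NetworkRule("Internet Access", frozenset({"Internal"} | VPN),
                frozenset({"External"}), "NAT"),
    NetworkRule("Rule 4: Perimeter to Internal", frozenset({"Perimeter"}),
                frozenset({"Internal"}), "Route"),
)

# The fix described in the thread: change that one relationship to Route.
RULES_AFTER = tuple(
    replace(r, relationship="Route") if r.name == "Perimeter Configuration" else r
    for r in RULES_BEFORE
)


def evaluate(rules, src_ip: str, dst_ip: str):
    """Return (matching rule name or None, outcome) for a connection attempt.

    outcome is "Route", "NAT" or FWX_E_NETWORK_RULES_DENIED.
    """
    src, dst = network_of(src_ip), network_of(dst_ip)
    for rule in rules:
        forward = src in rule.sources and dst in rule.destinations
        reverse = src in rule.destinations and dst in rule.sources
        if not (forward or reverse):
            continue  # this rule does not define a relationship for the pair
        if rule.relationship == "Route":
            return rule.name, "Route"
        # NAT: only the rule's source networks may initiate; the earlier NAT
        # rule matches the pair first, so rule 4 is never reached.
        return rule.name, ("NAT" if forward else DENIED)
    return None, DENIED


if __name__ == "__main__":
    # The DNS query from the log: perimeter server 10.3.0.40 to DC 10.2.0.20.
    for label, rules in (("before fix", RULES_BEFORE), ("after fix", RULES_AFTER)):
        rule, outcome = evaluate(rules, "10.3.0.40", "10.2.0.20")
        print(f"{label}: 10.3.0.40 -> 10.2.0.20 matched {rule!r}: {outcome}")
```

Under this model the denied query matches the NAT "Perimeter Configuration" rule in the reverse direction before rule 4 is ever consulted, which is why only the relationship of that earlier rule mattered; External-initiated connections towards Internal still fall into the reverse side of a NAT rule and stay denied, as they should.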
