Re: ISA 2006 and Routing

No you don't do any of that and the ISA does not need to be the Default
Gateway,...that is only the case with a single-subnet LAN.

On a multi-subnet LAN the LAN Router is the Default Gateway of all the LAN's
host.

The ISA is the Default Gateway of the LAN Router\

The ISA must have a Static Route that tells it to use the LAN Router for all the
IP Segments on the whole LAN.

All IP Ranges of all IP Segments on the LAN must be included in the Internal
Network Definition's specs.

The GUI and the termionology has changed from ISA2000, but the underlying
principles are identical,..there is no tighter security getting in the way,...at
least not in this particular case anyway.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------

"Victor" <Victor@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:71CB20BA-5B36-47BF-B1A3-19031B8AF84A@xxxxxxxxxxxxxxxx
I am trying to publish a server on the Internet, and to do so, I need to make
the ISA server the Default Gateway for the server being published. However,
when I do so, the server being published cannot get to other routes/subnets
on the WAN.

The quick fix would be to add static routes to the server being published,
however, the customer will not allow this. Instead, they are requesting that
the ISA Server run RRAS and act as the router. The problem is that ISA blocks
all traffic on the internal interface.

What rule(s) do I need to apply to ISA to allow it to act as a router? This
was possible out of the box on ISA 2000, but the new, tighter security on ISA
2006 is preventing it.


.

Relevant Pages

  • Re: ISA 2006 in basic web proxy mode query
    ... Having installed ISA 2006 and patched it with SP1, ... You have a multi-subnet LAN with a single LAN Router in the ... Exterior to that you have a traditional Internet WAN Router operating ...
    (microsoft.public.isaserver)
  • Re: routing on isa 2006
    ... How is ISA going to interact with the Domain for authentication? ... If your LAN has a LAN Router,...which it probably won't on a single subnet ... LAN,...then the LAN Router must be the Default Gateway of all Hosts on the ... as the "path" to the Remote VPN Segment. ...
    (microsoft.public.isaserver)
  • Re: Allow Remote Subnet to Authenticate
    ... LAN router doesn't have the ISA servers as it's gateway. ... The ISA server internal nic is in the 10.0 subnet and C/TS on that subnet ... DNS I don't see as being even relevant to this,...but the details of the ...
    (microsoft.public.isa.configuration)
  • Re: Force All to use firewall Client ONLY
    ... Remove all the browser's proxy settings. ... Definition which will only be true if the ISA is doubling as the LAN Router. ... Create an anonymous Access Rule for HTTP/HTTPS/FTP that only applies to ...
    (microsoft.public.isa)
  • Re: Non-domain joined Vista Clients cannot get through ISA 2004 with authentication enabled
    ... Arrange the LAN design so that the Guests use a special LAN IP Segment. ... Then allow anonymous web access with ISA for that particular IP Segment ... Microsoft ISA Server Partners: Partner Hardware Solutions ...
    (microsoft.public.isa.clients)
Loading