Re: ISA 2006 and Routing
- From: Victor <Victor@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 12 Apr 2007 07:18:02 -0700
That's the other funny part of our customer requirements:
They don't want to make the default gateway on the Cisco router the ISA
server. Only servers that are being published to the Internet thru ISA are
allowed to have their default gateway changed - if necessary.
Basically what I'm trying to do is get a server on the same subnet to use
ISA to get to the Internet, but also use ISA as a router to get to the other
WAN sites.
I can see in the ISA monitoring tool that the packets are being denied. Is
there a rule I can create to stop the packets from being blocked?
Thanks again.
"Phillip Windell" wrote:
No you don't do any of that and the ISA does not need to be the Default.
Gateway,...that is only the case with a single-subnet LAN.
On a multi-subnet LAN the LAN Router is the Default Gateway of all the LAN's
host.
The ISA is the Default Gateway of the LAN Router\
The ISA must have a Static Route that tells it to use the LAN Router for all the
IP Segments on the whole LAN.
All IP Ranges of all IP Segments on the LAN must be included in the Internal
Network Definition's specs.
The GUI and the termionology has changed from ISA2000, but the underlying
principles are identical,..there is no tighter security getting in the way,...at
least not in this particular case anyway.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
"Victor" <Victor@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:71CB20BA-5B36-47BF-B1A3-19031B8AF84A@xxxxxxxxxxxxxxxx
I am trying to publish a server on the Internet, and to do so, I need to make
the ISA server the Default Gateway for the server being published. However,
when I do so, the server being published cannot get to other routes/subnets
on the WAN.
The quick fix would be to add static routes to the server being published,
however, the customer will not allow this. Instead, they are requesting that
the ISA Server run RRAS and act as the router. The problem is that ISA blocks
all traffic on the internal interface.
What rule(s) do I need to apply to ISA to allow it to act as a router? This
was possible out of the box on ISA 2000, but the new, tighter security on ISA
2006 is preventing it.
- Follow-Ups:
- Re: ISA 2006 and Routing
- From: Phillip Windell
- Re: ISA 2006 and Routing
- References:
- Re: ISA 2006 and Routing
- From: Phillip Windell
- Re: ISA 2006 and Routing
- Prev by Date: Re: ISA with WSUS
- Next by Date: Re: ISA 2006 and Routing
- Previous by thread: Re: ISA 2006 and Routing
- Next by thread: Re: ISA 2006 and Routing
- Index(es):
Relevant Pages
|
Loading
