Re: ISA 2006 and Routing

---

• From: "Phillip Windell" <philwindell@xxxxxxxxxxx>
• Date: Thu, 12 Apr 2007 09:54:05 -0500

---

"Victor" <Victor@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B4B64146-2209-4250-8988-B6AE721931A0@xxxxxxxxxxxxxxxx

That's the other funny part of our customer requirements:
They don't want to make the default gateway on the Cisco router the ISA
server.

Then they are screwing themselves. What I described is the correct way to do it
no matter what firewall product you use. Did they explain why they think that?

Basically what I'm trying to do is get a server on the same subnet to use
ISA to get to the Internet, but also use ISA as a router to get to the other
WAN sites.

Then you have to maintain static routes individually on each one of those
machines for each WAN site they go to. This is of course more work, more prone
to error, and requires more documentation.

Maybe later you can explain these things to them if they will let you :-)

1. Routes are for Routers
2. Routing is the job of Routers
3. Default Gateways are for getting to Unknown Routes (not Known Routes).
4. Static Routes (or Dynamic via Routing Protocols) are for Known Routes
5. Hosts are supposed to be "oblivious" to routing apart from their Default
Gateway
6. ISA (or whatever Firewall Product) is the only unique Host that has a reason
for a Static Route because of the type of job it does.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------


.

---

• Follow-Ups:
  • Re: ISA 2006 and Routing
    • From: Jim Harrison \(ISA SE\)

• References:
  • Re: ISA 2006 and Routing
    • From: Phillip Windell
  • Re: ISA 2006 and Routing
    • From: Victor

• Prev by Date: Re: ISA 2006 and Routing
• Next by Date: Re: ISA 2006 and Routing
• Previous by thread: Re: ISA 2006 and Routing
• Next by thread: Re: ISA 2006 and Routing
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: ISA 2006 in basic web proxy mode query ... gateway defined at the Core Switch that;s acting as the LAN router. ... For the subnet on which ISA internal interface resides, ... (microsoft.public.isaserver) Re: ISA Server extern in 2 Subnetzten ... >> Router zu pingen (der alte Router ist natürlich noch Standard ... die man dann ohne Standard Gateway konfiguriert ?? ... Alles was ISA also ... (microsoft.public.de.german.isaserver) Re: IP routing on VPN ... A Default Gateway *is* a "static" route and it will ... Your best bet at this point is to remove all manually entered routes, ... > my VPN clients can't connect to the VPN server. ... > Frame router that routes to subnets 192.168.30.1 ... (microsoft.public.windows.server.networking) RE: Source-sensitive Routing ... ... The router will do per-destination load balancing ... > across 2 equal cost static routes. ... > Using the Proxy Server at Dual homed gateway, ... (Security-Basics) Re: Two Routers VPN Community Wireless ... The routing table is standard with the primary gateway at 192.168.12.138. ... I think I have a understanding of how routes work from the PC but combine ... tables in the Router even come into play when the VPN tunnel is established? ... If it would help I can bring the actual routing table in tomorrow from home. ... (microsoft.public.windowsxp.network_web)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > ISA  > microsoft.public.isa.configuration  > 2007-04