Re: New subnet with two NICs



Thanks for your quick response Phillip!

We do use a layer 3 switch and the routing is being handled with RIP ver2.
On both subnets (new and old), each device is configured to use this layer 3
switch as the default gateway. So everything is working with that and
traffic is able to pass through to each other.

If I understand you correctly, what needs to be done on the ISA is to:
1. Add a static route on the ISA box via command line
(so: route add 192.168.6.0 mask 255.255.255.0 192.168.4.10 metric 1 -p
where 192.168.6.0 is the new network and 192.168.4.10 is the IP address of
the layer 3 switch mentioned above).
2. Go into ISA and add the new IP range (192.168.6.0 - 192.168.6.255) to the
current Internal network list.
So I shouldn't have to add any NAT rules or Routes in the ISA network
configuration?
Thanks again!

"Phillip Windell" wrote:

To add a subnet you have to have a LAN Router on the LAN to sit between the
old and the new subnets.

This LAN Router will become the Default Gateway for the entire LAN. All
devices (except ISA) use the LAN Router as the Default Gateway via the IP#
of the LAN Router that directly faces them.

The ISA requires a Static Route added to the OS's Routing Table (from a
command prompt) that tells it to use the LAN Router as the "path" to the
LAN's subnets.

All the IP Ranges of the entire LAN get added to the Addresses Tab of the
Internal Network Definition. (Do *not* create new networks on the ISA).

The most economical LAN Router would probably be a Layer3 Switch which is a
Switch and a LAN Router built into the same piece of hardware.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------


"bsit05" <bsit05@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6CE9B409-48CF-49B7-BD8D-3BF394875974@xxxxxxxxxxxxxxxx
Hello everybody. I'm hoping somebody can help me out. Here's the situation:
ISA 2004 Standard. One internal network list (192.168.4.0). When I try to
add an additional new network, say 192.168.6.0, the new network cannot
access the proxy box and therefore cannot access the internet. The proxy
box is dual homed with one NIC going to the internal network and one going
to DMZ perimeter network. The internal NIC does not have a default gateway
set and DMZ NIC's gateway is pointing to a Cisco PIX (front end firewall).
I have tried the following:
-Adding the new subnet into the existing internal network range (so all
proxy firewall rules would apply to the internal network). Didn't work.
-Took the new subnet out of the internal network list and added it as a new
network. Added the new network to all the same rules that are applied to
the internal network. Didn't work. Going along with this, I then added
routes and firewall rules to the new network accessing internal network and
vice versa (internal network access to new network). Didn't work.
In the monitor I cannot see anything from the new network (as the source)
trying to get through to the internet. If I am in the new network and try
to access the proxy box via RDP, I can see this in the monitor as being
denied. The monitor shows the source as being the new network and
destination being Local Host of the proxy box. In my firewall rules this is
allowed, but it's getting denied.
What do I have to do to add a new network and get it to access the internet
and RDP into the internal network? It looks like Phillip Windell answered a
similar post to this about a month ago, however it was only with one NIC.
Thanks for any help you can provide.
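
The two conditions from Phillip Windell's reply (a static route on the ISA box through the LAN router, and every LAN range listed in the Internal network's addresses) can be checked together before touching the firewall rules. The script below is an added example, not part of the thread and not an ISA Server tool; the function names `merge_ranges` and `audit` are hypothetical, the inputs are constructed from the addresses in the posts, and the /24 mask on 192.168.4.0 is an assumption.

```python
import ipaddress

def merge_ranges(ranges):
    """Merge inclusive (start, end) address ranges that overlap or touch."""
    spans = sorted((int(ipaddress.ip_address(a)), int(ipaddress.ip_address(b)))
                   for a, b in ranges)
    merged = []
    for lo, hi in spans:
        if merged and lo <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], hi)
        else:
            merged.append([lo, hi])
    return merged

def audit(nic_subnet, routes, internal_ranges, lan_subnets):
    """Return {subnet: [problems]} for each LAN subnet behind the internal NIC."""
    nic = ipaddress.ip_network(nic_subnet)
    merged = merge_ranges(internal_ranges)
    report = {}
    for text in lan_subnets:
        net = ipaddress.ip_network(text)
        problems = []
        # Condition 1: a remote subnet needs a static route whose gateway
        # (the LAN router) is directly reachable on the internal NIC.
        if not net.subnet_of(nic):
            via = [ipaddress.ip_address(gw) for dest, gw in routes
                   if net.subnet_of(ipaddress.ip_network(dest))]
            if not via:
                problems.append("no static route")
            elif not any(gw in nic for gw in via):
                problems.append("gateway not on internal NIC subnet")
        # Condition 2: every address of the subnet must be listed in the
        # Internal network address ranges.
        lo, hi = int(net.network_address), int(net.broadcast_address)
        if not any(a <= lo and hi <= b for a, b in merged):
            problems.append("not in Internal network ranges")
        report[text] = problems
    return report

# Constructed inputs using the addresses from the thread.
NIC = "192.168.4.0/24"
LAN = ["192.168.4.0/24", "192.168.6.0/24"]
ROUTE = [("192.168.6.0/24", "192.168.4.10")]
OLD_RANGE = [("192.168.4.0", "192.168.4.255")]
NEW_RANGE = OLD_RANGE + [("192.168.6.0", "192.168.6.255")]

if __name__ == "__main__":
    for label, routes, ranges in [("range only", [], NEW_RANGE),
                                  ("route only", ROUTE, OLD_RANGE),
                                  ("both", ROUTE, NEW_RANGE)]:
        print(label, audit(NIC, routes, ranges, LAN))
```

The "range only" case corresponds to the first attempt described in the original post, where the new subnet was added to the Internal network list but the ISA box had no route back to it.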


