Re: New subnet with two NICs
- From: bsit05 <bsit05@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 25 Sep 2007 12:46:13 -0700
Update:
Phillip---I did what you suggested and it works! Thank you so much for your
help!
"bsit05" wrote:
Thanks for your quick response Phillip!
We do use a layer 3 switch and the routing is being handled with RIP ver2.
On both subnets (new and old), each device is configured to use this layer 3
switch as the default gateway. So everything is working with that and
traffic is able to pass through to each other.
If I understand you correctly, what needs to be done on the ISA is to:
1. add a static route on the ISA box via command line
(so: route add 192.168.6.0 mask 255.255.255.0 192.168.4.10 metric 1 -p
where 192.168.6.0 is the new network and 192.168.4.10 is the IP address of
the layer 3 switch mentioned above).
2. Go into ISA and add the new IP range (192.168.6.0 - 192.168.6.255) to the
current Internal network list.
So I shouldn't have to add any NAT rules or Routes in the ISA network
configuration?
Thanks again!
"Phillip Windell" wrote:
To add a subnet you have to have a LAN Router on the LAN to sit between the
old and the new subnets.
This LAN Router will become the Default Gateway for the entire LAN. All
devices (except ISA) use the LAN Router as the Default Gateway via the IP#
of the LAN Router that directly faces them.
The ISA requires a Static Route added to the OS's Routing Table (from a
command prompt) that tells it to use the LAN Router as the "path" to the
LAN's subnets.
All the IP Ranges of the entire LAN get added to the Addresses Tab of the
Internal Network Definition. (Do *not* create new networks on the ISA).
The most economical LAN Router would probably be a Layer3 Switch which is a
Switch and a LAN Router built into the same piece of hardware.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
"bsit05" <bsit05@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6CE9B409-48CF-49B7-BD8D-3BF394875974@xxxxxxxxxxxxxxxx
Hello everybody. I'm hoping somebody can help me out. Here's the situation:
ISA 2004 Standard. One internal network list (192.168.4.0). When I try to add
an additional new network, say 192.168.6.0, the new network cannot access the
proxy box and therefore cannot access the internet. The proxy box is dual
homed with one nic going to the internal network and one going to DMZ
perimeter network. The internal nic does not have a default gateway set and
DMZ nic's gateway is pointing to a Cisco pix (front end firewall). I have
tried the following:
-Adding the new subnet into the existing internal network range (so all
proxy firewall rules would apply to the internal network). Didn't work.
-Took the new subnet out of the internal network list and added it as a new
network. Added the new network to all the same rules that are applied to the
internal network. Didn't work. Going along with this, I then added routes and
firewall rules to the new network accessing internal network and vice versa
(internal network access to new network). Didn't work.
In the monitor I cannot see anything from the new network (as the source)
trying to get through to the internet. If I am in the new network and try to
access the proxy box via RDP, I can see this in the monitor as being denied.
The monitor shows the source as being the new network and destination being
Local Host of the proxy box. In my firewall rules this is allowed, but it's
getting denied.
What do I have to do to add a new network and get it to access the internet
and RDP into the internal network? It looks like Phillip Windell answered a
similar post to this about a month ago, however it was only with one NIC.
Thanks for any help you can provide.
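
An added example, not part of the original thread and not Microsoft tooling: a Python check of the two steps agreed above, that every address range in the Internal network definition has a path through the internal NIC, and every static route behind the LAN router is covered by a range. The function names are hypothetical, the 192.168.4.0 network is assumed to be a /24, and the inputs are typed in by hand rather than read from ISA or the OS.

```python
import ipaddress

def range_to_networks(first, last):
    """Expand a first-last address range (as entered on the Addresses tab) into CIDR blocks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def check_internal_network(ranges, routes, internal_nic_subnet):
    """Compare Internal network address ranges with the static routes.

    ranges: (first, last) pairs from the Internal network definition
    routes: (destination_cidr, gateway) static routes on the ISA box
    internal_nic_subnet: CIDR of the subnet the internal NIC is attached to
    Returns a list of findings; an empty list means the two views agree.
    """
    nic = ipaddress.ip_network(internal_nic_subnet)
    defined = [n for first, last in ranges for n in range_to_networks(first, last)]
    reachable = [nic]          # the directly attached subnet needs no route
    findings = []
    for dest, gw in routes:
        net = ipaddress.ip_network(dest)
        # The LAN router must be reachable on the internal NIC's own subnet.
        if ipaddress.ip_address(gw) not in nic:
            findings.append(f"route {net} uses gateway {gw} outside {nic}")
            continue
        reachable.append(net)
        if not any(net.subnet_of(d) for d in defined):
            findings.append(f"route {net} is not covered by the Internal network ranges")
    # Each CIDR block of a range must sit inside one reachable subnet.
    for d in defined:
        if not any(d.subnet_of(r) for r in reachable):
            findings.append(f"range {d} has no route via the internal NIC")
    return findings

# Constructed inputs using the addresses quoted in the thread.
NIC_SUBNET = "192.168.4.0/24"  # assumption: the old network is a /24
RANGES = [("192.168.4.0", "192.168.4.255"), ("192.168.6.0", "192.168.6.255")]
ROUTES = [("192.168.6.0/24", "192.168.4.10")]  # the static route from step 1

if __name__ == "__main__":
    for label, routes in (("before route add", []), ("after route add", ROUTES)):
        print(label, "->", check_internal_network(RANGES, routes, NIC_SUBNET) or "consistent")
```

The "before" case corresponds to adding the new range to the Internal network without the static route; the "after" case is the configuration reported as working.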