Re: New subnet with two NICs




"bsit05" <bsit05@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BFCFD6B2-B580-495E-8106-E7AA9C27C684@xxxxxxxxxxxxxxxx
Thanks for your quick response Phillip!

We do use a layer 3 switch and the routing is being handled with RIP ver2.
On both subnets (new and old), each device is configured to use this layer 3
switch as the default gateway. So everything is working with that and
traffic is able to pass through to each other.

If I understand you correctly, what needs to be done on the ISA is to:
1. add a static route on the ISA box via command line
(so: route add 192.168.6.0 mask 255.255.255.0 192.168.4.10 metric 1 -p
where 192.168.6.0 is the new network and 192.168.4.10 is the IP address of
the layer 3 switch mentioned above).

Yes.
You don't have to add the metric or the interface, those are automatic.

"Route Add -p 192.168.6.0 mask 255.255.255.0 192.168.4.10"

2. Go into ISA and add the new IP range (192.168.6.0 - 192.168.6.255) to the
current Internal network list.

Yes.

So I shouldn't have to add any NAT rules or Routes in the ISA network
configuration?

No. Nothing.
The entire LAN, all subnets, are all rolled together as part of the same
Internal ISA Network.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
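
A consistency check for the two steps discussed in this thread, as an added example that is not part of the original posts: it verifies that the new subnet has a static route through an on-link gateway and that the Internal network ranges cover it completely. The function names are hypothetical, the data is constructed from the addresses in the thread, and 192.168.4.0/24 for the ISA internal NIC is an assumption (the thread gives only the switch address 192.168.4.10).

```python
import ipaddress as ip

def covered(subnet, ranges):
    """True if every address in `subnet` falls inside the inclusive (first, last) ranges."""
    net = ip.ip_network(subnet)
    need, last = int(net.network_address), int(net.broadcast_address)
    spans = sorted((int(ip.ip_address(a)), int(ip.ip_address(b))) for a, b in ranges)
    for lo, hi in spans:
        if lo <= need <= hi:
            need = hi + 1          # covered up to `hi`; continue from the next address
    return need > last

def next_hop(subnet, routes, connected):
    """Gateway of a (dest, mask, gateway) route that contains `subnet` and is on-link, else None."""
    net, onlink = ip.ip_network(subnet), ip.ip_network(connected)
    for dest, mask, gw in routes:
        if net.subnet_of(ip.ip_network(f"{dest}/{mask}")) and ip.ip_address(gw) in onlink:
            return gw
    return None

def audit(subnet, ranges, routes, connected):
    """Return findings for a remote LAN subnet; an empty list means both steps are done."""
    findings = []
    if next_hop(subnet, routes, connected) is None:
        findings.append(f"no static route to {subnet} via an on-link gateway")
    if not covered(subnet, ranges):
        # Sources in this subnet would not be recognised as part of Internal.
        findings.append(f"{subnet} is not fully inside the Internal network ranges")
    return findings

# Constructed sample state; 192.168.4.0/24 for the ISA internal NIC is an assumption.
CONNECTED = "192.168.4.0/24"
NEW = "192.168.6.0/24"
RANGES_BEFORE = [("192.168.4.0", "192.168.4.255")]
RANGES_AFTER = RANGES_BEFORE + [("192.168.6.0", "192.168.6.255")]
ROUTES_AFTER = [("192.168.6.0", "255.255.255.0", "192.168.4.10")]

if __name__ == "__main__":
    for label, rng, rts in [("before", RANGES_BEFORE, []),
                            ("route only", RANGES_BEFORE, ROUTES_AFTER),
                            ("both steps", RANGES_AFTER, ROUTES_AFTER)]:
        print(label, audit(NEW, rng, rts, CONNECTED) or "consistent")
```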

