Re: RPC Publishing and Internal Network routing.

Philip thanks for the reply.

What you say all sounds so easy yet I cannot seem to get it working.. One of
the reasons I upgraded isa 2004 to 2006 was to see if ISA 2006 allowed
additional means of fixing this issue.

I had in isa 2004 added the ip addresses of my subnet (vlan) to the network
tab then got errors like below as well as adding the ip addresses to the
internal nic(I take it I do not need to do this ;just in ISA under the
network definitions).

"ISA Server detected routes through the network adapter INTERNAL that do not
correlate with the network to which this network adapter belongs. When
networks are configured correctly, the IP address ranges included in each
array-level network must include all IP addresses that are routable through
its network adapters according to their routing tables. Otherwise valid
packets may be dropped as spoofed. The following ranges are included in the
network's IP address ranges but are not routable through any of the network's
adapters: 10.0.0.225-10.0.0.225;. Note that this event may be generated once
after you add a route, create a remote site network, or configure Network
Load Balancing and may be safely ignored if it does not re-occur." For 2006 I
tried the following adding a additional network with a route propertie
between my two internal networks. Since your solution is diffrent I will go
and remove this.

Also the second part of your answer I dont really have a router except for
the switch with the vlan acting sort of like one. It will route traffic from
the vlan ip range to my other internal range.

ISA then becomes the problem as the default gateway all traffic gets sent to
it to route and isa blocks the traffic.

I will add the additional subnet static routes on isa and see.
--
General System Admin and IT manager


"Phillip Windell" wrote:

"Ricus" <Ricus@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C69CFD47-5BCC-4070-A8F6-41F4882D0464@xxxxxxxxxxxxxxxx

Just more info about the routing the vpn is not setup by isa but is
seperate.
But I also want to route to another internal network(vlan) on my internal
network and I feel if I can get this working then since the vpn is another
network internal to isa I should be able to get that running too once I
get
isa to route to my other internal subnet(vlan).

Ok, so,..from the ISA's perspective the VPN just simply does not exist,...it
is nothing more than an additional Subnet runing behind the ISA. The fact
that it is a VPN or not is just irrelevant.

So there is two steps to that:

1. Take the IP Range of *all* your LAN Segments and also the IP Range of the
network on the other end of the VPN and add them to the Internal Network
Definition under tha Addresses Tab

2. Pick one LAN Router (you have to have one somewhere if you have another
Segment). This LAN Router should "smart" enough to know how to get to all
Segments, including the VPN segment. Then you create a static route in the
OS's Routing Table on the ISA that tells it to use this LAN Router for the
path to the other LAN Segments (which includes the VPN). If you cannot
make it that simple than you can use more than one static route, and just
add another static route that tells ISA to use the VPN Device as the path to
the addresses of the Segment on the other end of the VPN.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Technet Library
ISA2004
http://technet.microsoft.com/en-us/library/cc302436(TechNet.10).aspx
ISA2006
http://technet.microsoft.com/en-us/library/bb898433(TechNet.10).aspx

Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------



.

Relevant Pages

  • Re: Internet Intermittent Connection
    ... Here are my IPs for the network: ... ISA Internal NIC: 192.168.100.1 ... Modem External: Public IP Address ... I have an intermittent Internet connection that has been going on for ...
    (microsoft.public.isa)
  • Re: Disable dynamic route entries in Windows 2003?
    ... and how they're configured/managed by the network folks. ... My ISA servers have two NIC's: one in a VLAN that is an "internal" DMZ, ... So, from the standpoint of ISA Server, there are two separate interfaces ... the "Internal VLAN can NOT route to the Internet VLAN, ...
    (microsoft.public.windows.server.networking)
  • Re: One computer on 2 networks
    ... On the server take the new "internet Nic" and set it up properly for the ... Create a static route in the OS's routing table that uses the LAN Router ... don't work in the Network Admin Dept. I'm a developer. ...
    (microsoft.public.windows.server.networking)
  • RE: ISA 2004 help please
    ... network, and I have set that as the gateway on those machines. ... When I set a persistant route on ... the server to their addresses (how I configured the ISA 2000 serverand they ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Re: Connect the SBS to a remote IIS for Internet Printing
    ... the server can access the Internet with no problems at all. ... Checking network connection, and after a few seconds it says The ... the problem is cause by the configuration of ISA. ...
    (microsoft.public.windows.server.sbs)
Loading