ISA & Network behind network

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Helmut Schmalzl (h.schmalzl{at}aon.at)
Date: 11/03/04

• Next message: Eric K: "Blocking HTTP for certian OU"
• Previous message: Ashish Chetal [MSFT]: "RE: OWA Forms-based Authentication in ISA2004"
• Next in thread: Sergio Fonseca [MVP]: "Re: ISA & Network behind network"
• Reply: Sergio Fonseca [MVP]: "Re: ISA & Network behind network"
• Messages sorted by: [ date ] [ thread ]

---

Date: Wed, 3 Nov 2004 21:17:47 +0100

Hello all!
Please pardon my English...
I have installed ISA Server 2004 in a back to back configuration.
The ISA is situated between the internal network and the dmz. The external
firewall is a third party Linux firewall.

Here some details about my configuration:

Internal NIC:
IP: 192.168.2.254 /16

We have a second internal Network (172.16.0.0/16) connected via Router.
I have defined a static route for the communication with this network.
The "internal Networks" definded on the ISA-Server:
172.16.0.0 - 172.16.255.255; 192.168.0.0 - 192.168.255.255
Nearly everything works fine, but...

First question:
Do you think, this configuration is ok?
I ask, because after reboot I get a configuration error that tells me, that
the 172-Subnet does not "belong" to the internal NICs network.

Second question:
How can I prevent the ISA-Server checking the internal traffic between the
192-Net and the 172-Net.

At the moment a lot of packages sent from the 192-Net to the 172-Net are
beeing dropped.
I dont think, the ISA-Server should be interested in regulating the internal
traffic.
I'd like the ISA to regulate only the traffic from internal to external and
vice versa - but not from internal to internal, where a static route is
defined.

How can I achieve this goal?

Thanx in advance.

Greetings from Austria
Helmut

---

• Next message: Eric K: "Blocking HTTP for certian OU"
• Previous message: Ashish Chetal [MSFT]: "RE: OWA Forms-based Authentication in ISA2004"
• Next in thread: Sergio Fonseca [MVP]: "Re: ISA & Network behind network"
• Reply: Sergio Fonseca [MVP]: "Re: ISA & Network behind network"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: Witch rule to allow firewal client to connect to isa server ? ... I don't choose the actual configuration. ... First i have put all the network card in the INTERNAL network of isa. ... (microsoft.public.isa) OpenVPN - Implementation ?s ... current network configuration as well as the other end of my proposed ... also access shares on the samba server within my internal network. ... I wasn't sure if I could configure OpenVPN as I have outlined. ... (linux.redhat) Re: How to change Portal URL ? ... On your internal network you create either a static mapping or a ... Next in IIS add the name to the hostheader configuration of your existing ... Create another website using the hostheader of the old server name, ... > Currently, our Portal URL consists of Server name, but we do not want ... (microsoft.public.sharepoint.portalserver) Re: Internal IP address migration ... > the internal network of class C 192.168.0.0/16. ... Depends extremly on your network configuration. ... tweak some server config files. ... I would first change all servers, ... (comp.os.linux.networking) Access to server on internal network ... I have a back to back configuration in ISA. ... is a machine which will need to be accessed by external users. ... Do I just publish the server on the first ISA or second ISA ... can't go on the DMZ as it needs to saty on the internal network. ... (microsoft.public.isa.configuration)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > ISA  > microsoft.public.isa  > 2004-11