Re: ISA 2004 and Point-to-point private line ... complicated!

Is it just me, or is it possible that the router simply chokes on trying
to route from a public to a private address?

"TRichards" <richards@xxxxxxxxxxxxxxxxxxxxxxx> wrote in
news:OHm9v#mWGHA.1192@xxxxxxxxxxxxxxxxxxxx:

Ray,

tracert from ISA to a remote host is as follows:
1 <1 ms <1 ms <1 ms 201.150.65.18
2 * * * Request timed out.
3 22 ms 22 ms 22 ms 32RZ791 [192.168.1.109]

tracert from remote host back to a corporate host is as follows:
1 <1 ms <1 ms <1 ms 192.168.1.254
2 31 ms 32 ms 32 ms 192.168.0.1
3 22 ms 22 ms 22 ms <fileserver.FQDN> [201.150.65.6]

Why doesn't the trace from ISA show the remote routers external IP of
192.168.0.2, is this a clue?

Corporat uses subnet 201.150.65.0 but does not actually own the
address. Since all is NAT'd I saw no reason to change, but will at
some point in the future. The 201.150.65.18 you can ping I guess is on
the real public 201.150.65.0

"." <noemails@please> wrote in message
news:OCKT8clWGHA.4484@xxxxxxxxxxxxxxxxxxxxxxx
Can I assume that the tracert from the ISA server to something on the
remote network does work? You said you added the route but you didn't
say whether it had been checked.

You said you had a private line to the remote office, yet the
201.150.65.18 IP address specified below is in fact pingable from the
Internet.

Ray

"TRichards" <richards@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:OvXMOMlWGHA.1192@xxxxxxxxxxxxxxxxxxxxxxx
Ray,

Thanks for your response.
ipconfig/all on the remote hosts show the correct DNS Domain suffix
provided by DHCP set in the router.
I originally issued the following command on the ISA server:

route -p add 192.168.1.0 mask 255.255.255.0 201.150.65.18 metric 1

192.168.1.0 is the remote subnet, 201.150.65.18 is the corporate
office Cisco router GW.

Any ideas?

Thanks.


"." <noemails@please> wrote in message
news:uETVDrbWGHA.3332@xxxxxxxxxxxxxxxxxxxxxxx
Are you passing the default DNS Domain suffix by DHCP?

Does a tracert initiated from the ISA server to something in the
remote office get routed the correct way? If not, you'll need to
add a persistent static route on the ISA server to send that
traffic to the Cisco router on your end of the private line.

Ray

"TRichards" <richards@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:OicYpqOWGHA.4920@xxxxxxxxxxxxxxxxxxxxxxx
We have been running ISA 2004 SP1 here on our main corporate
network just fine. Remote office and other remote users in various
geographical locations use VPN connection to access corporate
network. We recently added a point-to-point private T1 between
main corporate office and largest remote office. Cisco 1841
routers terminate the P2P at both ends and in turn, plug directly
into switches. DHCP has been setup on the remote office router
with pointers back to corporate office DNS and WINS.

Ipconfig on remote office hosts show all the correct IP, SM, GW,
DNS and WINS.

Remote office users can now directly connect to corporate file
shares and access Internet without a VPN connection.

Remote office user problems:
====================
Outlook without VPN can no longer connect to our Exchange server.
Note: Remote office hosts can ping exchange server by it's name.
Default http://intranet will not resolve, but they can connect to
Internet sites coming back through routers and out corporate ISA
server.

Corporate servers behind ISA are SecureNAT with default GW
pointing to internal ISA NIC. (Is this the problem!?!?)
ISA external NIC GW points to ISP, ISA internal GW is blank.


Partial solutions:
===================
Created an access rule called 'P2P Access' that allows all OB,
from: Internal and Local host, to: Internal and Local host and all
users (recommended by M$ during $245 support call).

Added remote office subnet to Internal Networks on ISA.

Any help in this matter will be greatly appreciated. Thank You.













.

Relevant Pages

  • Re: moving from 2 NIC to 1 NIC and stop using ISA
    ... Without actually going to the server to look, ... Are you using ISA 2006 on your SBS ... NICs and ISA. ... Is the router going to handle IP assignments now? ...
    (microsoft.public.windows.server.sbs)
  • RE: SBS2003 ISA-Compatible Router suggestions?
    ... take place of the double NICs ISA server 2004. ... if you use the router to take place of the ISA ... On the Connection Type page, click Broadband, and then click Next. ...
    (microsoft.public.windows.server.sbs)
  • Re: ISDN Routers w/ Windows Server 2003
    ... You can do the same with either ISA or Proxy2. ... > network server and to the Internet via the Internet router. ...
    (microsoft.public.windows.server.networking)
  • Re: ISDN Routers w/ Windows Server 2003
    ... You can do the same with either ISA or Proxy2. ... > network server and to the Internet via the Internet router. ...
    (microsoft.public.isaserver)
  • Re: Router vor ISA... aber welcher?!?
    ... ich habe mir mal den SMC 7004 VBR besorgt. ... Bei dem Router gibt es die Option PPTP passthrough - ist aktiviert. ... Der Server hat IP Netz 192.168.135.x. Der ISA / SBS Server selbst ...
    (microsoft.public.de.german.isaserver)