Re: How to add static routes to ISA Server
- From: Sanjay Mehta <SanjayMehta@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 4 Apr 2007 12:28:03 -0700
Hi,
I think that the route add should be:
route -p add 10.10.247.0 mask 255.255.255.0 10.10.250.2
route -p add 192.168.10.0 mask 255.255.255.0 10.10.250.2
route -p add 192.168.1.0 mask 255.255.255.0 10.10.250.2
b/c
you want it to represent the whole network and also the subnet should be
255.255.255.0.
Not an individual pc/router/server which would be the case if we use
10.10.247.254
Am i correct?
Thanks
"Sanjay Mehta" wrote:
Hi,.
To elaborate I have followed the steps as described below.
However, I am not able to ping computers in p2,p3,p4 and neither are they
able to ping computers on my side (except for the router i.e. 10.10.250.2)
Pls help.
Thanks
"Vishal" wrote:
Hi,
according to what I am trying to achieve is the following:
"3 static routes, one per remote location, will need to be added to the
firewall at 10.10.250.1 pointing to the CE device 10.10.250.2 as the
next hop address."
To achieve that I have done the following:
1) created persistant routes using the route command
i.e
route -p add 10.10.247.254 mask 255.255.255.255 10.10.250.2
route -p add 192.168.10.1 mask 255.255.255.255 10.10.250.2
route -p add 192.168.1.1 mask 255.255.255.255 10.10.250.2
2) defined p2, p3, p4 as networks [based on their IP ranges]
http://www.box.net/shared/y5d6bzbbsj
//corrected that to have from 0 to 255, not from
1 to 254.
http://www.box.net/shared/y5d6bzbbsj
3) created the network rules
http://www.box.net/shared/1gcophgahv
http://www.box.net/shared/qqpua6z7ty
http://www.box.net/shared/l6gppmfrf1
4) created the access rules for the networks
http://www.box.net/shared/dy25yk0qyl
However, from my basic understanding no where are we defining on the isa
server that if its for 192.168.10.2 (eg network destionation p3) then please
route this to 10.10.250.2
as what the above statement seems to imply?
How do we do that in ISA?
Thanks
"Nick Domukhovsky" wrote:
2) then defining the network for p2If you do not want to receive ISA warnings, make from 0 to 255, not from
see http://www.box.net/shared/y5d6bzbbsj
1 to 254.
If you want to make your VPN clients like internal users, you can simply
3) made the network rules
http://www.box.net/shared/1gcophgahv
http://www.box.net/shared/qqpua6z7ty
http://www.box.net/shared/l6gppmfrf1
what i am not sure about is ... Since its private vpn ... is it supposed to
be a route relationship or NAT?
add p2 network object to existing network rules ("VPN clients to
internal network" and "Internet access") so your VPN clients will be
routed to internal and NATed to external. Of course, in "Internet
access" rule you should add p2 as source network.
--
With best regards
Nickolay Domukhovsky, MCSA
- Follow-Ups:
- Re: How to add static routes to ISA Server
- From: Sanjay Mehta
- Re: How to add static routes to ISA Server
- References:
- Re: How to add static routes to ISA Server
- From: Nick Domukhovsky
- Re: How to add static routes to ISA Server
- From: Vishal
- Re: How to add static routes to ISA Server
- From: Sanjay Mehta
- Re: How to add static routes to ISA Server
- Prev by Date: Report Help
- Next by Date: RE: strange behavior
- Previous by thread: Re: How to add static routes to ISA Server
- Next by thread: Re: How to add static routes to ISA Server
- Index(es):
Relevant Pages
|
Loading
