Re: How to add static routes to ISA Server

Hi,

Its seems that the first rule is allowing traffic in and then something else
is denying it

http://www.box.net/shared/ih1iizylf1
http://www.box.net/shared/2z67oghajx


Not sure what it is.


"Jim Harrison (ISA SE)" wrote:

See if http://www.microsoft.com/technet/isa/2004/plan/ts_networks.mspx helps

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.



"Sanjay Mehta" <SanjayMehta@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:845E0C71-002E-458B-8880-3C16C6F969FF@xxxxxxxxxxxxxxxx
Hi,

Even after adding the networks (i.e p2, p3, p4), creating the network rules,
and access rules ... why do we get this error?

http://www.box.net/shared/g5vi3n5kq1

Thanks


"Sanjay Mehta" wrote:

Hi,

I think that the route add should be:

route -p add 10.10.247.0 mask 255.255.255.0 10.10.250.2
route -p add 192.168.10.0 mask 255.255.255.0 10.10.250.2
route -p add 192.168.1.0 mask 255.255.255.0 10.10.250.2

b/c

you want it to represent the whole network and also the subnet should be
255.255.255.0.

Not an individual pc/router/server which would be the case if we use
10.10.247.254


Am i correct?

Thanks

"Sanjay Mehta" wrote:

Hi,

To elaborate I have followed the steps as described below.

However, I am not able to ping computers in p2,p3,p4 and neither are
they
able to ping computers on my side (except for the router i.e.
10.10.250.2)

Pls help.

Thanks

"Vishal" wrote:

Hi,

according to what I am trying to achieve is the following:

"3 static routes, one per remote location, will need to be added to
the
firewall at 10.10.250.1 pointing to the CE device 10.10.250.2 as the
next hop address."


To achieve that I have done the following:

1) created persistant routes using the route command

i.e


route -p add 10.10.247.254 mask 255.255.255.255 10.10.250.2
route -p add 192.168.10.1 mask 255.255.255.255 10.10.250.2
route -p add 192.168.1.1 mask 255.255.255.255 10.10.250.2


2) defined p2, p3, p4 as networks [based on their IP ranges]

http://www.box.net/shared/y5d6bzbbsj

//corrected that to have from 0 to 255, not from
1 to 254.


http://www.box.net/shared/y5d6bzbbsj


3) created the network rules

http://www.box.net/shared/1gcophgahv

http://www.box.net/shared/qqpua6z7ty

http://www.box.net/shared/l6gppmfrf1


4) created the access rules for the networks

http://www.box.net/shared/dy25yk0qyl



However, from my basic understanding no where are we defining on the
isa
server that if its for 192.168.10.2 (eg network destionation p3) then
please
route this to 10.10.250.2

as what the above statement seems to imply?


How do we do that in ISA?

Thanks



"Nick Domukhovsky" wrote:

2) then defining the network for p2

see http://www.box.net/shared/y5d6bzbbsj
If you do not want to receive ISA warnings, make from 0 to 255, not
from
1 to 254.


3) made the network rules


http://www.box.net/shared/1gcophgahv

http://www.box.net/shared/qqpua6z7ty

http://www.box.net/shared/l6gppmfrf1

what i am not sure about is ... Since its private vpn ... is it
supposed to
be a route relationship or NAT?
If you want to make your VPN clients like internal users, you can
simply
add p2 network object to existing network rules ("VPN clients to
internal network" and "Internet access") so your VPN clients will be
routed to internal and NATed to external. Of course, in "Internet
access" rule you should add p2 as source network.



--
With best regards
Nickolay Domukhovsky, MCSA


.

Relevant Pages

  • Re: Internet Intermittent Connection
    ... Here are my IPs for the network: ... ISA Internal NIC: 192.168.100.1 ... Modem External: Public IP Address ... I have an intermittent Internet connection that has been going on for ...
    (microsoft.public.isa)
  • Re: Disable dynamic route entries in Windows 2003?
    ... and how they're configured/managed by the network folks. ... My ISA servers have two NIC's: one in a VLAN that is an "internal" DMZ, ... So, from the standpoint of ISA Server, there are two separate interfaces ... the "Internal VLAN can NOT route to the Internet VLAN, ...
    (microsoft.public.windows.server.networking)
  • Re: One computer on 2 networks
    ... On the server take the new "internet Nic" and set it up properly for the ... Create a static route in the OS's routing table that uses the LAN Router ... don't work in the Network Admin Dept. I'm a developer. ...
    (microsoft.public.windows.server.networking)
  • RE: ISA 2004 help please
    ... network, and I have set that as the gateway on those machines. ... When I set a persistant route on ... the server to their addresses (how I configured the ISA 2000 serverand they ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Re: Connect the SBS to a remote IIS for Internet Printing
    ... the server can access the Internet with no problems at all. ... Checking network connection, and after a few seconds it says The ... the problem is cause by the configuration of ISA. ...
    (microsoft.public.windows.server.sbs)