Re: How to add static routes to ISA Server



Hi,

That article is interesting and in my scenario - I think the following apply

(i) Client Connections from a Remote Subnet denied

and I have applied the solution of "creating a default route on the local
internal hosts for all remote internal subnets"

At first I didn't quite get what this means ... but after some thought I
realise.

Is there no way to automate so that I don't have to use

route -p add 192.168.10.0 mask 255.255.255.0 10.10.250.2

on all the computers that someone from p3 wants to access. Will RRAS allow
me to do this?





"Sanjay Mehta" wrote:

Hi,

It seems that the first rule is allowing traffic in and then something else
is denying it

http://www.box.net/shared/ih1iizylf1
http://www.box.net/shared/2z67oghajx


Not sure what it is.


"Jim Harrison (ISA SE)" wrote:

See if http://www.microsoft.com/technet/isa/2004/plan/ts_networks.mspx helps

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.



"Sanjay Mehta" <SanjayMehta@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:845E0C71-002E-458B-8880-3C16C6F969FF@xxxxxxxxxxxxxxxx
Hi,

Even after adding the networks (i.e p2, p3, p4), creating the network rules,
and access rules ... why do we get this error?

http://www.box.net/shared/g5vi3n5kq1

Thanks


"Sanjay Mehta" wrote:

Hi,

I think that the route add should be:

route -p add 10.10.247.0 mask 255.255.255.0 10.10.250.2
route -p add 192.168.10.0 mask 255.255.255.0 10.10.250.2
route -p add 192.168.1.0 mask 255.255.255.0 10.10.250.2

b/c

you want it to represent the whole network and also the subnet should be
255.255.255.0.

Not an individual pc/router/server which would be the case if we use
10.10.247.254


Am I correct?

Thanks

"Sanjay Mehta" wrote:

Hi,

To elaborate I have followed the steps as described below.

However, I am not able to ping computers in p2, p3, p4 and neither are they
able to ping computers on my side (except for the router i.e. 10.10.250.2)

Pls help.

Thanks

"Vishal" wrote:

Hi,

according to what I am trying to achieve is the following:

"3 static routes, one per remote location, will need to be added to the
firewall at 10.10.250.1 pointing to the CE device 10.10.250.2 as the
next hop address."


To achieve that I have done the following:

1) created persistent routes using the route command

i.e


route -p add 10.10.247.254 mask 255.255.255.255 10.10.250.2
route -p add 192.168.10.1 mask 255.255.255.255 10.10.250.2
route -p add 192.168.1.1 mask 255.255.255.255 10.10.250.2


2) defined p2, p3, p4 as networks [based on their IP ranges]

http://www.box.net/shared/y5d6bzbbsj

//corrected that to have from 0 to 255, not from 1 to 254.


http://www.box.net/shared/y5d6bzbbsj


3) created the network rules

http://www.box.net/shared/1gcophgahv

http://www.box.net/shared/qqpua6z7ty

http://www.box.net/shared/l6gppmfrf1


4) created the access rules for the networks

http://www.box.net/shared/dy25yk0qyl



However, from my basic understanding nowhere are we defining on the ISA
server that if it's for 192.168.10.2 (e.g. network destination p3) then please
route this to 10.10.250.2

as what the above statement seems to imply?


How do we do that in ISA?

Thanks



"Nick Domukhovsky" wrote:

2) then defining the network for p2

see http://www.box.net/shared/y5d6bzbbsj
If you do not want to receive ISA warnings, make from 0 to 255, not from
1 to 254.


3) made the network rules


http://www.box.net/shared/1gcophgahv

http://www.box.net/shared/qqpua6z7ty

http://www.box.net/shared/l6gppmfrf1

what I am not sure about is ... Since it's private VPN ... is it supposed to
be a route relationship or NAT?

If you want to make your VPN clients like internal users, you can simply
add p2 network object to existing network rules ("VPN clients to
internal network" and "Internet access") so your VPN clients will be
routed to internal and NATed to external. Of course, in "Internet
access" rule you should add p2 as source network.



--
With best regards
Nickolay Domukhovsky, MCSA
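
Added example, not part of the original thread: a longest-prefix-match lookup over the two sets of `route -p add` entries quoted above, showing why the 255.255.255.255 host routes leave 192.168.10.2 without a path to 10.10.250.2 while the 255.255.255.0 network routes cover it. The helper names `lookup` and `covered` and the sample destinations are assumptions made for illustration; only the static routes from the thread are modelled (no default route).

```python
import ipaddress

# Routes exactly as posted in the thread: (destination, mask, gateway).
HOST_ROUTES = [
    ("10.10.247.254", "255.255.255.255", "10.10.250.2"),
    ("192.168.10.1", "255.255.255.255", "10.10.250.2"),
    ("192.168.1.1", "255.255.255.255", "10.10.250.2"),
]
NETWORK_ROUTES = [
    ("10.10.247.0", "255.255.255.0", "10.10.250.2"),
    ("192.168.10.0", "255.255.255.0", "10.10.250.2"),
    ("192.168.1.0", "255.255.255.0", "10.10.250.2"),
]


def lookup(table, dest):
    """Return the gateway of the most specific matching route, or None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for network, mask, gateway in table:
        net = ipaddress.ip_network(f"{network}/{mask}")
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None


def covered(table, dests):
    """Map each destination to its next hop (None = no static route matches)."""
    return {d: lookup(table, d) for d in dests}


# Constructed sample destinations; 192.168.10.2 is the host the thread asks about.
SAMPLE = ["192.168.10.1", "192.168.10.2", "10.10.247.17", "192.168.1.200"]

if __name__ == "__main__":
    for name, table in (("host mask", HOST_ROUTES), ("network mask", NETWORK_ROUTES)):
        for dest, gw in covered(table, SAMPLE).items():
            print(f"{name:13} {dest:15} -> {gw or 'no matching static route'}")
```
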

