Re: Routing and Remote Access - Please Help

From: Doug (Doug_at_discussions.microsoft.com)
Date: 03/24/05


Date: Thu, 24 Mar 2005 09:35:06 -0800

Phil,

Thanks for your help. I was thinking along the same lines but couldn't seem
to nail it down. I kept following the path that the packets might take and
when it got to the firewall, where would it go? Nowhere. Yesterday, I tried
the exact same thing as your post and just like today, it didn't work. But,
using the info you gave me, I decided to route add everything the same except
the gateway. It makes sense that the gateway 192.168.2.1 won't exist to the
firewall because it needs to route through the router ip of 192.168.1.2 which
is on the same subnet. So this is what I added:

route -p ADD 192.168.2.0 MASK 255.255.255.0 192.168.1.2

and voila it worked! It's amazing how long you can work on something with
only one pair of eyes.

Quick final question for you though. On both subnets, I have to put the
firewall IP 192.168.1.1 in my web browser's proxy settings. Does this sound
correct? I don't get the Internet without using that proxy setting. Before
this, I would use NAT on the client to connect to the firewall without the
proxy setting. Just a side note, my gateway for clients on subnet A is
192.168.1.2 (router nic1) and subnet B is 192.168.2.1 (router nic2). Before
the router I would use gateway 192.168.1.1 (ISA firewall nic) but with only
that subnet and ISA firewall.

"Phillip Windell" wrote:

>
> "Doug" <Doug@discussions.microsoft.com> wrote in message
> news:D375E4D8-E175-4446-9721-129A1F3500AD@microsoft.com...
> > We have a lab set up to test routing and remote access with ISA Server 2004.
> > Our current configuration is as follows:
> >
> > Subnet A: 192.168.1.0
> > Subnet B: 192.168.2.0
> >
> > We have configured a Windows 2003 Server with 2 NICS and routing and remote
> > access (one NIC is attached to subnet A as 192.168.1.2 and other to subnet B
> > as 192.168.2.1). We also have an Active Directory Domain controller on
> > 192.168.1.100 with DHCP. We were successful at configuring the router to
> > communicate in both directions with both subnets. We also tested the DHCP
> > relay agent and that worked as well. The problem we cannot seem to figure out
> > is that when trying to access the Internet (through ISA firewall), we have no
> > luck from 192.168.2.0 without using NAT on the router (not the firewall).
>
> No, no,..get rid of that NAT on the router. That causes the 192.168.1.0
> subnet to become an Untrusted Back-to-Back DMZ, which I doubt very seriously
> is what you want.
>
> The problem is simple. On the ISA the ISA uses the ISP as its DFG, which is
> correct, however there is no gateway on the Internal Nic,..which is also
> correct. But this causes the ISA to have no idea where in the world the 2.x
> subnet is. The solution is to open a simple command prompt on the ISA and
> type:
>
> Route -p 192.168.2.0 Mask 255.255.255.0 192.168.2.1
>
> All done,..simple.
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>
>
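Added example, not part of the original thread: a small Python check of the rule the two route commands above turn on, namely that a static route's gateway must sit on a subnet the host is directly attached to. The function name `check_static_route` is hypothetical, the /24 prefix on the ISA internal NIC is an assumption, and the ISA external NIC is left out because its address is not given in the thread.

```python
import ipaddress

# ISA internal NIC from the thread; the /24 prefix length is an assumption.
ISA_INTERFACES = ["192.168.1.1/24"]

def check_static_route(dest, mask, gateway, interfaces):
    """Validate a static route against a host's own interfaces.

    Returns (ok, reason). The route is usable only if the destination
    and mask describe a real network and the gateway is a neighbour on
    one of the host's directly connected subnets.
    """
    try:
        # strict=True rejects a destination with host bits set under the mask
        target = ipaddress.ip_network(f"{dest}/{mask}", strict=True)
    except ValueError as exc:
        return False, f"destination/mask mismatch: {exc}"

    gw = ipaddress.ip_address(gateway)
    nics = [ipaddress.ip_interface(i) for i in interfaces]

    # A host cannot use one of its own addresses as the next hop.
    if any(gw == nic.ip for nic in nics):
        return False, f"gateway {gw} is this host's own address"

    # The next hop has to be reachable without any routing at all.
    for nic in nics:
        if gw in nic.network:
            return True, f"{target} via {gw}, on-link through {nic.ip}"

    return False, f"gateway {gw} is not on any directly connected subnet"

if __name__ == "__main__":
    # The two gateways discussed in the thread, same destination and mask.
    for gateway in ("192.168.2.1", "192.168.1.2"):
        ok, reason = check_static_route(
            "192.168.2.0", "255.255.255.0", gateway, ISA_INTERFACES)
        print("OK  " if ok else "FAIL", reason)
```
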


