Re: RRAS ip routing and ISA

"Ace Fekay [MCT]" wrote:


If the config works for your requirements, I would go with it. As for not
being able to access the router on its .10 interface from the .10 subnet,
which it appears one of the rules may be doing it, assuming that you've
defined both subnets as internal, you may be able to add an exception to the
rule? It's been a little while since I've administered an ISA, so I can't
help specifically, but that is what I am preliminarily thinking.

I hope that helps.

Ace



Hi Ace

Not sure if you have misread, but the filter is actually done on the RRAS,
not the ISA.
Here's what I have configured:

Internet
|
ISA
10.10.10.7
|
10.10.10.x dg 10.10.10.7
|
10.10.10.250 dg 10.10.10.7
RRAS/NAT <----- the Inbound/Outbound Filters are configured here
10.10.11.254 dg blank
|
10.10.11.x dg 10.10.11.254

So the filters are actually preventing the 11 subnet from accessing anything
related to 10 subnet directly.
However, even though it has been configured as an Outbound filter, the
10.10.10.250 interface seems to be preventing inbound traffic from the
10.10.10.x network as well (no ping, RDP).

And there is no way to configure exceptions at the RRAS filters, unless
there is some way which I am unaware of. The only options are Allow all
traffic except, or Block all traffic except, and any option you pick applies
to all the filters that you configure.
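
Added example (not part of the original posts, and not RRAS code): a small Python model of an outbound filter list with one shared action, showing how a stateless outbound rule on the 10.10.10.250 interface can also break ping/RDP started from 10.10.10.x. The actual filter rule is not given in the thread, so the rules below are assumptions, as are stateless evaluation of the router's own replies and all class and function names.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Row:
    """One filter entry: source network and destination network."""
    src: str
    dst: str

    def matches(self, src_ip, dst_ip):
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst))

@dataclass(frozen=True)
class OutboundFilters:
    """Outbound list of one interface. One action covers every row, so a
    row can never act as an exception to another row."""
    mode: str     # "allow_all_except" or "block_all_except"
    rows: tuple

    def permits(self, src_ip, dst_ip):
        hit = any(r.matches(src_ip, dst_ip) for r in self.rows)
        return not hit if self.mode == "allow_all_except" else hit

ROUTER_10 = "10.10.10.250"   # RRAS interface facing 10.10.10.x (from the post)

def reply_leaves(filters, client_ip):
    """A 10.10.10.x host pings or RDPs to 10.10.10.250. The request comes in,
    but the reply is a new outbound packet: no session state is consulted."""
    return filters.permits(ROUTER_10, client_ip)

# Assumed rule (not given in the thread): block anything destined to 10.10.10.x.
BROAD = OutboundFilters("allow_all_except", (Row("0.0.0.0/0", "10.10.10.0/24"),))
# Attempted "exception" row: under the shared action it is just another block.
WITH_ROW = OutboundFilters("allow_all_except",
                           BROAD.rows + (Row("10.10.10.250/32", "10.10.10.0/24"),))
# Assumed alternative: also match on source; presumes the filter sees the
# original 10.10.11.x source address rather than a NAT-translated one.
NARROW = OutboundFilters("allow_all_except", (Row("10.10.11.0/24", "10.10.10.0/24"),))

if __name__ == "__main__":
    for name, f in (("BROAD", BROAD), ("WITH_ROW", WITH_ROW), ("NARROW", NARROW)):
        print(name,
              "11->10 forwarded:", f.permits("10.10.11.5", "10.10.10.20"),
              "| reply from .250 to 10.10.10.20:", reply_leaves(f, "10.10.10.20"))
```

In this model only the source-qualified rule keeps the 11 subnet blocked while letting the router's own replies back out to 10.10.10.x.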
