RE: Help with ISA 2004
- From: v-crinal@xxxxxxxxxxxxxxxxxxxx ("Crina Li")
- Date: Tue, 22 Nov 2005 09:24:57 GMT
Hi Robert,
Thank you for posting in SBS newsgroup.
To narrow down the problem, would you please help me confirm if the network
diagram looks like:
Internet==SBS===LAN1
\\
\\==Router1==Router2==LAN2(remote office)
LAN1 16.x
LAN2 17.x-23.x
The problem may occur when the LAN2 access LAN1, LAN1 send the response to
the gateway (SBS) other than the Router1 so that the request was dropped by
the ISA.
Solution 1:
Step1. Do not use the RRAS to configure the static route.
Step2. Create static routes on the SBS Server (route add 17.x 255.255.255.0
router1, route add 18.x 255.255.255.0 route1, ¡¡ route add 23.x
255.255.255.0 route1).
Step3. Open the ISA management console, navigate to
Configuration->Networks, on the middle pane, double click the Internal
object, go to the Addresses tab, remove all the entries, click Add Adapter
and add the internal NIC.
Step4. Go to the LAN1, manually create static route as following:
Route add 17.x 255.255.255.0 router1
Route add 18.x 255.255.255.0 router1
¡.
Route add 23.x 255.255.255.0 router1 (replace the router1 with the IP)
If you think it is complex to add these routes, you could create a subnet
as 192.168.32.x/255.255.248.0 for the LAN2 so that you only need to add one
static route on the ISA and client.
Solution 2:
Change the network diagram as following:
Internet==SBS== Router1==LAN1
\\
\\== ==Router2==LAN2(remote office)
In this way, the router1 will know the appropriate place the traffic should
be sent to.
Hope the above information help and I look forward to hearing from you.
Best regards,
Crina Li (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: Help with ISA 2004
|| From: =?Utf-8?B?Um9iZXJ0IE96b25l?=
<RobertOzone@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: Help with ISA 2004
| Date: Mon, 21 Nov 2005 08:15:05 -0800
| | Newsgroups: microsoft.public.windows.server.sbs
|
| I have just completed a migration from SBS2000 prem ed with ISA2003 to
| SBS2003 with SP1 and ISA 2004.
|
| I have several sites connected on the internal side using sonicwall VPN
site
| to site devices. This was working prior to the upgrade but not now.
| Prior to the upgrade all I had to do was add static routes to the RRAS
| pointed to the sonicwall.
| What I did for the new server was add static routes in the RRAS and then
I
| modified the internal network on ISA 2004 from
| 192.168.16.0-192.168.16.255
| to
| 192.168.16.0-192.168.23.255
| Corp site with the SBS is 192.168.16.x
| Remote sites are 17.x thru 23.x
|
| That is not working completely now. Computers are able to log in, but it
| takes a real long time (10minutes - which means it is not routing
correctly.)
| Additionally they are getting other services blocked by the ISA server.
| Prior to upgrade remote site computers were able to RDP to the terminal
| server at the Corp office but now they can't. ISA is blocking them.
| I am able to connect to computers using RDP from Corp site to Remote
sites.
|
| Also a side affect is the remote site computers are getting their
internet
| options set for proxy using the SBS which I don't want.
|
| I have manually set the remote computers to not use proxy so they can get
| out to the internet from their local router. But every time the log in it
| changes back.
|
| I thought I would create a seperate network in ISA called remote sites
| (192,168,17.0 thru 192.168.23.255) and set that network options to not to
use
| firewall proxy or web proxy.
| When I did that I can no longer connect to the remote sites using RDP.
|
| It just keeps getting worse help.
|
.
- Prev by Date: RE: SBS 2003 Backup utilities
- Next by Date: Microsoft Firewall fails to start on server restart
- Previous by thread: RE: SBS 2003 Backup utilities
- Next by thread: Microsoft Firewall fails to start on server restart
- Index(es):
Relevant Pages
|
