Re: Is this a 3-Leg Perimeter scenario?

---

• From: "Richard Cass" <richardcass_AT_NO_SPAM_micronav.co.uk>
• Date: Wed, 18 Jan 2006 15:59:26 -0000

---

Crina,

Many thanks for your reply.

1. I have e-mailed you with a drawing (Visio) as requested.
2. Upon reading my post, I think I may have mislead you. To access the FTP
Server, you use the 10.0.0.11 from within the SBS environment and the
SmoothWall firewall allows traffic through via the Orange NIC. So I would
type http://10.0.0.11/ftp/ and that takes me to a Linux web page that allows
me to set up users, download files etc. I can access the same FTP Server
also by the Public Domain IP address, but it still goes via the SmoothWall
firewall (via Red to Orange NICs).
3. E-mailed as requested.
4. E-mailed as requested

Many thanks
Richard


""Crina Li"" <v-crinal@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:yedezm$GGHA.3764@xxxxxxxxxxxxxxxxxxxxxxxx
> Hi Richard,
>
> Thank you for posting in SBS newsgroup.
>
> To narrow down the problem, would you please help me collect the following
> information?
>
> 1. The detailed network diagram. You can refer to the attached example:
>
> You can draw the diagram on Word and then send the file to me at
> v-crinal@xxxxxxxxxxxxxx
>
> 2. You said "I can access the SmoothWall via the 192.168.16.9 address, but
> am unable to access the 10.0.0.11 address for either SmoothWall or FTP
> Server", where are you accessing 10.0.0.11 from? LAN of SBS, internet or
> FTP server itself?
> 3. Please help me collect the route print on SBS.
>
> Input "route print > c:\route.txt" in Command Line
>
> and then send the route.txt to me.
>
> 4. Collect Ipconfig/all result form SBS, FTP and the client you are
> accessing 10.0.0.11.
>
> I am appreciated your time to help me collecting the above information.
>
> I look forward to hearing from you.
>
> Best regards,
>
> Crina Li (MSFT)
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
>
> =====================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check
> the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In
> doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
>
> =====================================================
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> --------------------
> | From: "Richard Cass" <richardcass_AT_NO_SPAM_micronav.co.uk>
> | Subject: Is this a 3-Leg Perimeter scenario?
> | Date: Tue, 17 Jan 2006 14:34:03 -0000
> || Newsgroups: microsoft.public.windows.server.sbs
> ||
> | We have recently applied SBS 2003 SP1 and upgraded to ISA 2004.
> | We have a Linux based firewall (SmoothWall) supporting a Linux based FTP
> server.
> | Setup was like this:
> | SBS2003 with 2 NICs: fixed IP for Internet Connection NIC. The broadband
> modem/router also has a fixed IP .
> | FTP Server: HTTP: http://10.0.0.11 FTP: ftp://10.0.0.11/ of
> ftp://fixed_IP_for_Internet_Connection_IP (same range as SBS IC NIC)
> | SmoothWall firewall: 3 NICs - internal 192.168.16.9:81 (Green) (same
> range as SBS internal); internal 10.0.0.11:81 (orange)
> | The previous setup utilised the PersistentRoutes TCPIP registry setting
> to allow access to the 10.0.0.11 address, and this worked fine with ISA
> 2000
> | Upon upgrading to ISA 2004, it complained in the Event Log as follows:
> | Event Type: Error
> | Event Source: Microsoft Firewall
> | Event Category: None
> | Event ID: 14147
> | Date: 30.12.2005
> | Time: 15:20:45
> | User: N/A
> | Computer: <computername>
> | Description:
> | ISA Server detected routes through adapter Server Local Area Connection
> that do not correlate with the network element to which this adapter
> belongs. For best practice, the address range of an ISA Server network
> should match the address ranges routable through the associated network
> adapter as defined in the routing table. Otherwise valid packets may be
> dropped as spoofed. (This alert may occur momentarily when you create a
> remote site network. You may safely ignore this message if it does not
> reoccur.) The address ranges in conflict are: 10.0.1.0-10.255.255.255;.
> | It also had the same error with the Internet Connection NIC in the
> description.
> | I have removed the PersistenRoutes entry, which was set as
> 10.0.0.0,255.0.0.0, just leaving the data as 192.168.16.9,1 (this was
> there
> previously). I can access the SmoothWall via the 192.168.16.9 address, but
> am unable to access the 10.0.0.11 address for either SmoothWall or FTP
> Server (as would be expected normally). The Event Log errors have stopped.
> | I do not particularly want to install a 3rd NIC to allow me access to
> the
> 10.0.0.11 address as the FTP Server has its own firewall and does not need
> to be behind ISA, but I would appreciate any workaround to allow me this
> access.
> | Thanks in advance,
> | Richard
> |


.

---

• Follow-Ups:
  • Re: Is this a 3-Leg Perimeter scenario?
    • From: "Crina Li"
  • Re: Is this a 3-Leg Perimeter scenario?
    • From: "Crina Li"

• References:
  • RE: Is this a 3-Leg Perimeter scenario?
    • From: "Crina Li"

• Prev by Date: Re: Second Exchange Mailbox
• Next by Date: Re: Is this a 3-Leg Perimeter scenario?
• Previous by thread: RE: Is this a 3-Leg Perimeter scenario?
• Next by thread: Re: Is this a 3-Leg Perimeter scenario?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: R2 w/ISA User type account cannot use my companys internal website ... Alerts\Core Server Alerts ... Microsoft CSS Online Newsgroup Support ... And our product group is still reviewing the impact of the upgrade SBS ... (microsoft.public.windows.server.sbs) Re: R2 w/ISA User type account cannot use my companys internal website ... can refer to the steps below to reinstall the SBS Monitoring component. ... Select Windows Small Business Server 2003 and then click Change/Remove. ... select Microsoft SQL Server Desktop Engine ... Microsoft CSS Online Newsgroup Support ... (microsoft.public.windows.server.sbs) Re: SBS 2003 Premium, Sharepoint, CRM ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... | In regards to Sharepoint Portal server, it looks like it would be best to ... (microsoft.public.windows.server.sbs) Re: publishing multiple websites in ISA 2004 ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... |> hosted off of a second server that is a member server in the network. ... (microsoft.public.windows.server.sbs) RE: path to client not found ... configuration with 1 NIC but with the default gateway to the router ... Ethernet adapter Server Local Area Connection: ... > to SBS IP address on all local clients and leave default gateway on SBS ... > and server side to newsgroup, also make sure that you have run CEICW ... (microsoft.public.windows.server.sbs)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.sbs  > 2006-01