Re: Second router configuration




Thanks for the response, Miles.

The Cisco router is located on the internal SBS network at both sites. I'm
currently studying the reference articles to see if I have configured ISA
correctly.

"Miles Li [MSFT]" wrote:

Hello,

Thanks for the update.

According to your description, I understand that you have a dedicated Cisco
router on each site for the connectivity between 2 sites.

It should relate to the ISA and the routing configuration. With the default
configuration, the remote SBS network is recognized as the External network
in ISA. Please make sure that you have set the necessary access rules for
the connectivity between external network and internal network. It is
certain that the ICMP echo (PING return) will be blocked when you attempt
to ping the host from the host network.

As you can see, loosening access control between the external network and
the internal network will bring in a security issue for the internal network. We
recommend that you create a new Network in the ISA (for the remote SBS network)
and define the network rule between them as Route. Creating a Route network
relation has the same effect as adding a static routing entry on the SBS
server.

For further investigation, I'd like to know:

1. Where is the Cisco router for the connectivity between the 2 sites placed?
Is it in the DMZ (network between the ADSL router and SBS server) or in the
SBS internal network?

More related information for your reference:

Advanced ISA Firewall Configuration: "Network Behind a Network" Scenarios
http://www.isaserver.org/tutorials/Advanced-ISA-Firewall-Configuration-Network-Behind-Network-Scenarios.html

Designing An ISA Server Solution on a Complex Network
http://www.isaserver.org/tutorials/Designing_An_ISA_Server_Solution_on_a_Complex_Network.html

Hope it helps. If you have any questions or concerns, please do not
hesitate to let me know.



Best regards,
Miles Li

Microsoft Online Partner Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


