Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
'Internal ISA Routing' problem. Very strange need some light.
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
'Internal ISA Routing' problem. Very strange need some... - 19.Feb.2004 10:25:00 PM
|
|
|
penrose.l@2college.nl
Posts: 474
Joined: 29.Jan.2004
From: Netherlands
Status: offline
|
I thought I would post my problem here on the boards ,
maybe you have an answer to my problem :
I am running an ISA 2K4 server on 3 networks :
Resource Lan (type internal): Servers
Internal Lan (type internal): client workstations
Internet Lan (type external): External hosts
I have configured a ROUTE relationship between our
workstation network and our server network.
I additionally define some firewall rules for basic network
connectivity such as kerberos / rpc / netbios etc )
I can ping fine from 1 network to the other and vice versa.
The problem starts when for some reason I would like to put 1 of our servers on BOTH networks Internal and Resource.
What happens is the following :
I ping from workstation1 (internal network) to the RESOURCE nic on server1( which is on both networks ).It will go to the DG of my workstation which is the ISA internal NIC ) . What happens now :
Normally my packet goes to the internal nic of my ISA , then within ISA server , it routes from internal to resource, and will ping the server on the resource nic. the server sends
the ping reply back over the resource nic ( since it recieved the ping request there ) , and the ISA server routes the ping back to the internal NIC and everything is fine.
BUT :
If I do the same again , the ISA server looks at the routing table , and sees that the server can also be accessed by another nic and decides to NOT route the request ( since it now thinks it's easier to send it to the internal NIC because it can also be accessed ) and send the request over the internal network card. Then strange things happen and the packet gets lost somewhere among the other unidentified IP traffic...
SOMEHOW , the routing within ISA server worked better than anticipated , because it routed my packet destined for resource lan to internal lan.
I hope you guys still understand what I'm trying to explain , it's quite an issue and hard to put onto paper.
Ofcourse I have tried all kinds of things ( like making the network adapter IP of ISA it's own network ) but to no avail.
Then there's another issue : where can I see what IP addresses are bound to 'localhost' ? ( only 127.0.0.1 ? ) Is localhost gotten from the host file located in /etc folder ? Or is it just the same name ?
That's all !["[Smile]"](/image/smiles/smile.gif "\"\"")
Hope you can help me with this one.
Kind regards,
Lex Penrose
penrose.l@2college.nl !["[Confused]"](/image/smiles/confused.gif "\"\"") 
|
|
|
|
RE: 'Internal ISA Routing' problem. Very strange need ... - 19.Feb.2004 10:30:00 PM
|
|
|
penrose.l@2college.nl
Posts: 474
Joined: 29.Jan.2004
From: Netherlands
Status: offline
|
Then strange things happen and the packet gets lost somewhere among the other unidentified IP traffic...
This means : there's no explicit allow rule in my firewall policy to enable the server1-internalNIC to ping the workstation1 and thus the packet is dropped.
There _is_ an allow rule from server1-resourceNIC to ping the workstation1.
|
|
|
|
|
RE: 'Internal ISA Routing' problem. Very strange need ... - 20.Feb.2004 12:00:00 PM
|
|
|
tshinder
Posts: 47644
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Lex,
That is an unusual one! How can the same server be on two networks?
Thanks!
Tom
|
|
|
|
|
RE: 'Internal ISA Routing' problem. Very strange need ... - 21.Feb.2004 1:53:00 PM
|
|
|
penrose.l@2college.nl
Posts: 474
Joined: 29.Jan.2004
From: Netherlands
Status: offline
|
oh sorry for not mentioning , the servers are all multihomed. ( 2 NICs in 2 networks )
Kind regards,
Lex penrose
|
|
|
|
|
RE: 'Internal ISA Routing' problem. Very strange need ... - 23.Feb.2004 1:04:00 AM
|
|
|
tshinder
Posts: 47644
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Lex,
Thanks!
Tom
|
|
|
|
|
RE: 'Internal ISA Routing' problem. Very strange need ... - 27.Mar.2004 10:53:00 PM
|
|
|
penrose.l@2college.nl
Posts: 474
Joined: 29.Jan.2004
From: Netherlands
Status: offline
|
ok the test results very very short :
Due to all kind of limitations ( I even start to suspect an ISA built-in 'feature' there's loads of problems NLB'ing 2 ISA 2004 Beta 2 servers ).
Especially TCP is a pain. RPC and 'net use' commands are very unpredictable ( well.. the only thing you can predict is that it won't work like it should ) but ping will work so you tend to get false hope. So my advice is : stay away from NLB.
Then we used Rainwall and everything is working fine.
Conclusion : Use Rainwall and not NLB.
|
|
|
|
|
RE: 'Internal ISA Routing' problem. Very strange need ... - 29.Mar.2004 4:42:00 AM
|
|
|
tshinder
Posts: 47644
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Lex,
RainWall is an EXCELLENT product! Good to hear that its working nicely for you.
Thanks!
Tom
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
