Welcome to ISAserver.org
2 subnets, routers, and exchange
2 subnets, routers, and exchange - 26.Aug.2004 6:35:00 AM
BobW
Posts: 200
Joined: 27.Mar.2002
We have two subnets separated by routers; 192.168.2.0 and 192.168.5.0. My main location, where ISA sits, is in 192.168.2.0. ISA acts as our gateway for all internet access for both subnets. NOTE: It used to be ISA 2000 which does not act as a firewall on the internal interfaces.
I have all of the servers in 192.168.2.0 pointing to the internal router 192.168.2.25 which then directs traffic as necessary to the remote subnet or the ISA box. HOWEVER, for some reason (please enlighten me if you can!) the email being sent out by our internal Exchange server does not want to go out when it is pointing to the internal router 192.168.2.25. I can tracert, nslookup etc no problem. NOTE: The router does have a route to 192.168.5.x and one to the ISA as its gateway.
So, I change the gateway to our ISA box. Since ISA 2004 acts as a firewall on the internal side as well, it can NOT act as a true router. Thus some of the traffic which is meant to get to 192.168.5.x gets stopped at the ISA 2004 box. There was a lot of traffic showing denied with unknown protocol coming from Exchange.
SOOOO, after beating on it for a while I simply pointed the Exchange server towards ISA and added a persistent route on my exchange server to the remote subnet 192.168.5.x.
Any thoughts on why/how etc the above could have occurred? Is there a better way to handle it? Am I correct that ISA 2004 can NEVER act as a true router for internal traffic?
Thanks, Bob
Interestingly enough, while watching the live logging in ISA, the outgoing SMTP traffic seemed to be going through to the external servers. But the queues in Exchange never closed and gave numerous different errors.
[ August 26, 2004, 06:39 AM: Message edited by: BobW ]
RE: 2 subnets, routers, and exchange - 26.Aug.2004 10:29:00 AM
andrew.toon
Posts: 26
Joined: 22.Jul.2004
Hi Bob,
I'm not sure if it's a good idea or not to get the ISA server to act as a router, however I believe it should work.
You may need to add a rule to allow your internal traffic access to the other subnet. If you create a subnet entity in the "Network Objects" toolbox, you can then create a rule allowing Internal using "All Protocols" access to this subnet.
Andrew
RE: 2 subnets, routers, and exchange - 26.Aug.2004 5:15:00 PM
BobW
Posts: 200
Joined: 27.Mar.2002
I certainly agree about not using the ISA box as a router, and that is why I was trying to use my internal router to sort the traffic before the ISA box saw it. But then my outgoing email choked!
But, it didn't work...so I tried to use the ISA to route some internal, which did not work because of the firewall not recognizing all of the internal traffic....
I guess the real question is why the Exchange server could not complete its SMTP connections while not using the ISA box as its primary gateway!
Thanks for your reply, Bob