
Adding and routing a new subnet

Adding and routing a new subnet - 5.Sep.2008 10:06:16 AM   
mike@qmi

 

Posts: 2
Joined: 5.Sep.2008
Status: offline
I just started with this company and I am very new to ISA Server 2006. Basically we have the 'Internal' network set up as 192.168.50.1/255.  Based on growth of network devices and PCs, we have run out of IP addresses.  I wanted to add 192.168.51.1/255 and set up the DHCP Server to assign these addresses to PCs and keep the 192.168.50.x for all of the network devices since many are hard coded with IPs.  I went into ISA Server 2006 and added the new range to the Internal network setup.  I also added a new IP address to the internal adapter of the ISA server.  I then configured a laptop with a static 192.168.51.x IP address and used the new address on the ISA Server as the gateway.

I seem to be able to access internal servers and internal traffic just fine.  But when I try to get past the ISA Server to our remote location over the VPN, or just out to the Internet, it is so slow, it times out almost every other time.  I don't understand why that would be since the range was just added to the 'Internal' network which already has all of the configurations from our 192.168.50.1/255 network.  Any thoughts or ideas would be appreciated.  Thanks, Mike
Post #: 1
RE: Adding and routing a new subnet - 5.Sep.2008 1:29:37 PM   
pwindell

 

Posts: 782
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
quote:

went into ISA Server 2006 and added the new Range to the Internal network setup. 


If you mean the Address Tab of the Internal Network Definition,..yes,..perfect

quote:

I also added a new IP Address to the internal adapter of the ISA server.  


No, no, no, no.  Remove that.

After you fix that above:.....

......To add another IP Range to the LAN you have to add another Network Segment.......To add another Network Segment you have to add a LAN Router to "sit" between the two Network Segments.  By your description the ISA is not going to be that router (which I think is good).

On the ISA you need to open a command prompt and create a new Static Route (using "route add -p") that tells the ISA to use the new LAN Router as the "gateway" to that new IP Segment of 192.168.51.0 and also any other VPN remote segment.  I prefer to use the whole 192 RFC range, but that isn't always appropriate:
      Route Add -p 192.168.0.0 mask 255.255.0.0 <IP# of LAN router>

If you also have a Site-to-Site VPN based on an additional VPN Device, then that VPN device becomes nothing more than an additional LAN Router on the LAN besides the new one you added.  The fact that the Line Protocol is VPN is totally irrelevant.  The network on the opposite end of the VPN must be treated just like the new one you added.  The Range needs to be added to the Address Tab of the Internal Network Definition on the ISA in the same way.

Now the LAN Routing scheme itself,..simple,...all machines at your physical location must use the new LAN Router as the Default Gateway,...the LAN Router, in turn, uses the ISA Internal IP# as its Default Gateway, but will also have a Static Route telling it to use the VPN Device as the "gateway" for that particular IP subnet.  In other words, the LAN Router is the master decision maker for all routing decisions. The ISA simply sends anything that is not the Internet to the LAN Router.

If you have not designed it this way,..then you need to seriously consider designing it this way. It is the most straight-forward, industry standard way that is the cleanest and easiest and most trouble-free way to deal with it.  When something breaks you will know right where it broke, and when something breaks it will not affect as many other areas beyond the immediate area of the problem.

_____________________________

Phillip Windell
www.wandtv.com

(in reply to mike@qmi)
Post #: 2
RE: Adding and routing a new subnet - 5.Sep.2008 2:08:00 PM   
mike@qmi

 

Posts: 2
Joined: 5.Sep.2008
Status: offline
Thanks for the quick response.  The other side of the VPN is an ISA server as well.  I will try these suggestions over the weekend and report back.  Thanks again for the response.

(in reply to pwindell)
Post #: 3
RE: Adding and routing a new subnet - 5.Sep.2008 3:35:05 PM   
pwindell

 

Posts: 782
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
If your VPN is a Site-to-Site between the two ISA Servers then your ISA will already know how to deal with that.  So you can omit any of the "VPN Device" comments from my last post because I was assuming it was a separate Device.

The LAN Router wouldn't have to worry about the segment on the other side of the VPN because the ISA would already be the Router's Default Gateway and the ISA is also the "gateway" to the VPN'ed segment, so it kind of kills two birds with one stone.   It would not hurt to have a Static Route to tell it the same thing,..but it would kinda be redundant.

_____________________________

Phillip Windell
www.wandtv.com

(in reply to mike@qmi)
Post #: 4
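
Added example (not part of any post in this thread): a small Python model of the ISA routing table after the "route add -p" supernet route suggested above, showing which gateway each destination gets by longest-prefix match and flagging addresses that route through the internal adapter but are not listed on the Address tab of the Internal network definition. The LAN router address, the external gateway and the sample hosts are constructed; only the 192.168.50.x and 192.168.51.x subnets and the 192.168.0.0/16 route come from the thread.

```python
import ipaddress

# Constructed addresses (assumptions, not from the thread).
LAN_ROUTER = "192.168.50.254"   # hypothetical LAN router on the existing segment
ISP_GATEWAY = "203.0.113.1"     # hypothetical external default gateway

# ISA routing table after:
#   route add -p 192.168.0.0 mask 255.255.0.0 <IP# of LAN router>
ROUTES = [
    ("192.168.50.0/24", "on-link", "internal"),   # directly connected segment
    ("192.168.0.0/16", LAN_ROUTER, "internal"),   # static supernet route
    ("0.0.0.0/0", ISP_GATEWAY, "external"),       # default route
]

# Ranges entered on the Address tab of the Internal network definition.
INTERNAL_RANGES = [
    ("192.168.50.0", "192.168.50.255"),
    ("192.168.51.0", "192.168.51.255"),
]

def next_hop(dest, routes=ROUTES):
    """Return (gateway, interface) for dest using longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    matches = []
    for prefix, gateway, interface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net.prefixlen, gateway, interface))
    if not matches:
        raise LookupError(f"no route to {dest}")
    _, gateway, interface = max(matches)  # most specific prefix wins
    return gateway, interface

def in_internal_definition(dest, ranges=INTERNAL_RANGES):
    """True if dest falls inside one of the Internal network address ranges."""
    addr = ipaddress.ip_address(dest)
    return any(ipaddress.ip_address(lo) <= addr <= ipaddress.ip_address(hi)
               for lo, hi in ranges)

def audit(hosts):
    """Hosts routed via the internal adapter but absent from the definition."""
    return [h for h in hosts
            if next_hop(h)[1] == "internal" and not in_internal_definition(h)]

# Constructed sample hosts: old segment, new segment, an unlisted 192.168.x.x
# subnet reached by the supernet route, and an Internet address.
SAMPLE_HOSTS = ["192.168.50.20", "192.168.51.30", "192.168.60.5", "198.51.100.7"]

if __name__ == "__main__":
    for host in SAMPLE_HOSTS:
        print(host, "->", next_hop(host))
    print("routed internally but not in Internal network:", audit(SAMPLE_HOSTS))
```

The 192.168.60.5 entry shows the gap a supernet route can open: the routing table sends it to the LAN router, but the Internal network definition does not list it until its range is added to the Address tab.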
