Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ISA with multiple subnets

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Installation >> ISA with multiple subnets Page: [1]
Login
Message << Older Topic   Newer Topic >>
ISA with multiple subnets - 26.Jun.2008 6:20:22 AM   
nabreu

 

Posts: 1
Joined: 26.Jun.2008
Status: offline 		Hi!
I have the following problem that i canīt find a solution.
I have 1 SBS server IP 192.168.92.200 and a ISA server with 1 NIC IP 192.168.92.205.
SBS has Exchange, DHCP, DNS and RAS (I think that the problem might be here. RAS should probably be configured on server with ISA)
ISA is configured as web proxy only.
There are 3 subnets: 192.168.92.*;192.168.93.*;192.168.94.*
All workstations on all subnets have no problems accessing the servers.
Workstations can only access resourses on other workstaions on itīs own subnet.
Ex. WS in 192.168.92.* canīt access WS in 192.168.93.*, but have no problems accessing WS in 192.168.92.*.
Iīve done tests and itīs ISA that is doing this. The error is 0xc0040017 "A non SYN packet was dropped because it was sent by a source that does not have an established connection with the ISA Server computer".

Can someone please help on what can be causing this ?
Thanks!
Post #: 1
RE: ISA with multiple subnets - 26.Jun.2008 1:35:46 PM   
Rotorblade

 

Posts: 845
Joined: 27.Feb.2007
Status: offline 		Hi,

Are the sub's defined/included in the ISA internal network range?

Do you have persistent static routes defined in the ISA’s routing table for each subnet?

HTH

RB


_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to nabreu)
Post #: 2
RE: ISA with multiple subnets - 26.Jun.2008 5:31:07 PM   
Rotorblade

 

Posts: 845
Joined: 27.Feb.2007
Status: offline
quote:


Workstations can only access resourses on other workstaions on itīs own subnet.
Ex. WS in 192.168.92.* canīt access WS in 192.168.93.*, but have no problems accessing WS in 192.168.92.*.


What R U using for the router?

quote:

 
Iīve done tests and itīs ISA that is doing this. The error is 0xc0040017 "A non SYN packet was dropped because it was sent by a source that does not have an established connection with the ISA Server computer".


If the above is true then don't use ISA as the router and the client's default GW! With running in "hork mode" SecureNAT is not supported!

quote:

 

referenced from:
http://www.microsoft.com/technet/isa/2004/plan/single_adapter.mspx

  • SecureNAT clients. SecureNAT clients use ISA Server as a router to the Internet, and SecureNAT client requests are handled by the Firewall service. Because the Firewall service is not available in a single network adapter configuration, such requests are not supported.



    • quote:


    (I think that the problem might be here. RAS should probably be configured on server with ISA)


    Not a good idea!

    HTH

    RB

    _____________________________

    David Melvin
    Ohio
    MCSE: Security 2003, MCSA:Security 2003

    (in reply to nabreu)
    Post #: 3

    Page:   [1] << Older Topic    Newer Topic >>
    All Forums >> [ISA Server 2004 General ] >> Installation >> ISA with multiple subnets Page: [1]
    Jump to:

    New Messages No New Messages
    Hot Topic w/ New Messages Hot Topic w/o New Messages
    Locked w/ New Messages Locked w/o New Messages
     Post New Thread
     Reply to Message
     Post New Poll
     Submit Vote
     Delete My Own Post
     Delete My Own Thread
     Rate Posts