Welcome to ISAserver.org

ROUTE ADD

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 Firewall] >> Network Infrastructure >> ROUTE ADD

Page: [1]

Message

<< Older Topic Newer Topic >>

ROUTE ADD - 5.Feb.2010 10:49:49 PM

THX

Posts: 104
Joined: 8.Aug.2007
Status: offline

Is it a requirement when you add a static route to ISA Server 2006 that these routes exist in the Internal network definition?

Post #: 1

Featured Links*

RE: ROUTE ADD - 6.Feb.2010 7:25:44 AM

paulo.oliveira

Posts: 3470
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline

Hi,

acctually, it is not the routes, you must add all network ranges behind that interface on ISA Internal Network definition.

Regards,
Paulo Oliveira.

_____________________________

Microsoft MVP - Forefront
MCP - ISA Firewall 2004
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to THX)

Post #: 2

RE: ROUTE ADD - 6.Feb.2010 8:42:44 AM

THX

Posts: 104
Joined: 8.Aug.2007
Status: offline

Can you be more specific in your answer? I'm not sure I understand your response.

My network layout is as follows:

Internal = 192.168.1.0/24
Perimeter 1 = 172.16.0.0/22
Perimeter 2 = 10.0.0.0/8
External = The Internet

Let's say I input the following command on ISA:

ROUTE ADD 10.0.0.0 MASK 255.0.0.0 192.168.1.3 -P

When I try to ping from Perimeter 1 to Perimeter 2 I see the following error:

0x0 0xc004002d FWX_E_UNREACHABLE_ADDRESS

I have an network rule setup to route between Perimeter 1 and Perimeter 2.

I suspect it has something to do with the fact that I am trying to route a Perimeter subnet (10.0.0.0/8) through an Internal subnet due to my ROUTE ADD statement but I wanted to check with you all to confirm this.

< Message edited by THX -- 6.Feb.2010 10:58:36 AM >

(in reply to paulo.oliveira)

Post #: 3

RE: ROUTE ADD - 6.Feb.2010 11:18:19 AM

paulo.oliveira

Posts: 3470
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline

Hi,

I assume this is a typical network behind network scenario. More info on how to configure it:
http://www.isaserver.org/tutorials/Advanced-ISA-Firewall-Configuration-Network-Behind-Network-Scenarios.html

http://www.isaserver.org/tutorials/Designing_An_ISA_Server_Solution_on_a_Complex_Network.html

Regards,
Paulo Oliveira.

_____________________________

Microsoft MVP - Forefront
MCP - ISA Firewall 2004
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to THX)

Post #: 4

RE: ROUTE ADD - 6.Feb.2010 11:23:15 AM

paulo.oliveira

Posts: 3470
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline

Hi,

sorry, have not seen the changes on your post.

In this case, I suppose ISA has 4 NICs, so, you don�t have to add any manual routes, ISA will play route for you.

You just need to create access rules allowing wanted traffic.

Regards,
Paulo Oliveira.

_____________________________

Microsoft MVP - Forefront
MCP - ISA Firewall 2004
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to THX)

Post #: 5

RE: ROUTE ADD - 6.Feb.2010 11:41:46 AM

THX

Posts: 104
Joined: 8.Aug.2007
Status: offline

Actually, I only have three NIC's, which is maybe the problem.

I'll try to create a Visio diagram and post it later as it is difficult to visualize with just text.

(in reply to paulo.oliveira)

Post #: 6

RE: ROUTE ADD - 7.Feb.2010 4:24:54 PM

THX

Posts: 104
Joined: 8.Aug.2007
Status: offline

Ok, I finally got around to creating a Visio diagram of what I am trying to do.

When I try to ping an address from the User's network (172.16.0.0) to an IP address in the remote network (10.0.0.0) it times out and ISA Servers logs the following error:

0xc004002d FWX_E_UNREACHABLE_ADDRESS

Networks:
Internal = 192.168.1.0/8
Perimeter 1 = 172.16.0.0/22
Perimeter 2 = 10.0.0.0/8
External = The Internet

Network Rules:
Perimeter 1 to External = NAT
Perimeter 1 to Internal = Route
Perimeter 1 to Perimeter 2 = Route