Welcome to ISAserver.org


Send out traffic with a specific IP?

Send out traffic with a specific IP? - 12.Aug.2005 6:22:00 PM   
gquitugua

 

Posts: 6
Joined: 12.Aug.2005
From: Arizona
Status: offline

This is basically the problem I'm having. I want to be able to "meet" my PIX rule of any originating traffic from IP address "xxx.xxx.xxx.21". Problem is all traffic leaving the ISA server is leaving tagged with IP of xxx.xxx.xxx.20, which is the ISA's DMZ address. Is there a way to configure ISA so any traffic passed via a rule will pass as .21 traffic as opposed to the default .20?

Any help or suggestions would be appreciated. Sorry if the image is huge...in a rush >.<

Thanks,

GQ
Post #: 1
RE: Send out traffic with a specific IP? - 15.Aug.2005 7:42:00 AM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi GQ,

If you are using private addresses on the DMZ between the PIX device and the ISA firewall, then I believe I have figured out how you can do this.

Tom

(in reply to gquitugua)
Post #: 2
RE: Send out traffic with a specific IP? - 15.Aug.2005 11:27:00 AM   
gquitugua

 

Posts: 6
Joined: 12.Aug.2005
From: Arizona
Status: offline
Yes Tom,

We are using private addressing in the DMZ. A colleague suggested all we have to do is tell ISA that all outbound SMTP traffic leaving ISA to the PIX, tag the traffic with the IP address .21, but I'm by no means an expert with ISA and I don't see how you can do that. If you've figured a way around this issue, I'm most definitely interested in what you've found.

Regards,

GQ

(in reply to gquitugua)
Post #: 3
RE: Send out traffic with a specific IP? - 18.Aug.2005 10:26:00 AM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi GQ,

What you need to do is create an ISA firewall network representing the external address on the ISA firewall that you want the source IP address to be.

Then create a Network Rule setting the route relationship between the SMTP server and that ISA firewall Network to Route.

HTH,
Tom

(in reply to gquitugua)
Post #: 4
RE: Send out traffic with a specific IP? - 18.Aug.2005 12:08:00 PM   
gquitugua

 

Posts: 6
Joined: 12.Aug.2005
From: Arizona
Status: offline
Got it! Was wondering if you could comment on this setup:

I basically add a new network...let's call it "firewall". I gave it the address of the ".21" IP that was needed. (When I specify the IP...do I also need to specify the DMZ adapter in addition?). I then created a network rule for source: internal to "firewall" and set it to route.

Thanks again.

GQ

(in reply to gquitugua)
Post #: 5
RE: Send out traffic with a specific IP? - 18.Aug.2005 3:49:00 PM   
ClintD

 

Posts: 1833
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
Insert picture of Clint shaking his head...

quote: "Then create a Network Rule setting the route relationship between the SMTP server and that ISA firewall Network to Route."

I'm trying to wrap my head around how setting the relationship to Route makes the Source IP change. Obviously it works, but I just don't see how it works.

(in reply to gquitugua)
Post #: 6
RE: Send out traffic with a specific IP? - 19.Aug.2005 8:45:00 AM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Clint,

It works, but understanding how and why it works is above my pay grade [Wink]

Tom

(in reply to gquitugua)
Post #: 7
RE: Send out traffic with a specific IP? - 19.Aug.2005 7:14:00 PM   
gquitugua

 

Posts: 6
Joined: 12.Aug.2005
From: Arizona
Status: offline
Hmmm...tried what you said but I get Configuration/Publishing Failures:

Config error: ISA Server detected a network adapter connected to multiple networks: Address xxx.xxx.xxx.21 belongs to network 'Tagged SMTP traffic for use with .21' and address xxx.xxx.xxx.22 belongs to network 'External'.

- I don't know where IP address .22 is coming from [Confused]

Server Publishing Failure: Server publishing rule [SMTP Mail Server (Exchangebox)] failed because there was no valid network listener. For requests to reach the published server there must be a network relationship between the selected listener networks and the published server. This failuer is due to error: 0x8007000d

(in reply to gquitugua)
Post #: 8
RE: Send out traffic with a specific IP? - 29.Aug.2006 2:26:19 PM   
stinkyprimo

 

Posts: 6
Joined: 30.Sep.2005
Status: offline
Hi, I too have a similar situation to this. I did what you suggested but it does not work... and how does a route relationship alter the source IP address... and also a route relationship will only allow the host to talk to the host / network in the route relationship, so how is it supposed to talk to the outside firewall?

Regards and I hope you can answer this...

cheers

(in reply to tshinder)
Post #: 9
