Simple routing between branches

Simple routing between branches - 8.Oct.2007 7:34:17 AM   
cristiangafotas

 

(Repost from the general installation section, more appropriate here)
I have been working on a new firewall deployment with ISA Server 2006 for a week now with no success. This is driving me nuts, so I am asking the gurus out there to help me out, or at least give some new ideas.

I have the following setup already deployed:
Two private LANs:
- LAN A with 172.24/B addresses; Router A is 172.24.0.99
- LAN B with 192.6.2/C addresses; Router B is 192.6.2.1

They are interconnected using Teldat routers (let's say routers A and B) using an IPSEC tunnel. Everything works fine.

I want to deploy an ISA 2006 between LAN A and Router A, with two NICs (perimeter firewall). In order to do this, I've created a DMZ with 192.168.234/C addresses. The DMZ has two devices connected: Router A has become 192.168.234.1, and ISA Server has the 172.24.0.97 and 192.168.234.2 addresses, one for each of its two NICs.

The VPN still works fine, no problems with that setup (discarded problems with that first)

I have used the edge firewall template and defined the internal network to be net 172.24/B
Default router for ISA server is 192.168.234.1

I have added the B network definition to be the range 192.6.2.0-192.6.2.255
I have added a network rule to route (no NAT) all traffic between internal network (172.24/B and B network 192.6.2/C)

I have added firewall rules to allow PING protocol from A to B to progress.

The log shows that ISA is dropping the packets (it correctly recognizes the protocol, origin and destination) but discards them with reason FWX_E_UNREACHABLE_ADDRESS.

Searched these forums but could not find an answer.

I then reset the whole config and added a network rule to allow all external traffic to be progressed to the internal network (no NAT).
Then I added a firewall policy to progress all traffic between PCs in the 192.6.2/C network and internal, and pings and all traffic (you bet!) started working.
As soon as I change the network rule back to the more restrictive networks (B and internal), ISA stops progressing traffic. I have tried adding the B network to the internal networks definition and adding a definition for LAN A, no luck.

Does anybody have any idea what is going on?
I was just wondering why the more restrictive setup did not work, obviously there is something I am missing.

Thanks in advance for reading so far/your help,
Cristian
Post #: 1
RE: Simple routing between branches - 8.Oct.2007 11:53:41 AM   
cristiangafotas

 

Enrico answered this in another thread. If you are interested, click on http://forums.isaserver.org/What_I_thought_was_a_%22Simple_Setup%22/m_2002054777/tm.htm

Cristian

(in reply to cristiangafotas)
Post #: 2
