Welcome to ISAserver.org


Subnet internet access

Subnet internet access - 22.Aug.2006 3:31:12 AM   
tbryantasas

 

Posts: 8
Joined: 22.Aug.2006
Status: offline
I am trying to introduce a subnet for internet access only. I have added the subnet as an address range in the internal network and am able to ping the proxy NIC from the subnet and vice versa. I am unable to get out through the firewall to the internet. When we disable the firewall there is no problem with access to the internet. I assumed once the address range was added to the internal network in the firewall rules in ISA2004 all of the rules associated with the internal network would apply to the new subnet. Am I wrong with this assumption? Any help would be greatly appreciated.
Notes: main internal address range - 172.16.0.0,  subnet range - 192.168.0.0.

Thanks.
Tony.
Post #: 1
RE: Subnet internet access - 30.Aug.2006 2:40:28 PM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
What is a "proxy NIC"?

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to tbryantasas)
Post #: 2
RE: Subnet internet access - 31.Aug.2006 3:43:25 AM   
tbryantasas

 

Posts: 8
Joined: 22.Aug.2006
Status: offline
The proxy NIC is the network card of our proxy server in the 172.16 range. I am able to ping it from the 192.168 subnet and vice versa. When I try to ping the Novell website it cannot reach the destination. In short, it is getting as far as the inside of our firewall but can't get out.

Thanks,

Tony.

(in reply to tbryantasas)
Post #: 3
RE: Subnet internet access - 31.Aug.2006 1:09:39 PM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
What are you using for a proxy server?

Where is it located relative to the ISA Firewall?

Thanks!
Tom


(in reply to tbryantasas)
Post #: 4
RE: Subnet internet access - 5.Sep.2006 2:00:41 AM   
tbryantasas

 

Posts: 8
Joined: 22.Aug.2006
Status: offline
ISA is installed on the Proxy server and we use the proxy server internal NIC as our default gateway for computers in the 172.16 range (same subnet). For the new subnet we use the address of a proxy server with DHCP installed to give out addresses to its clients. That proxy server has 2 network cards, 1 with a 192.168 address and one with a 172.16 address. On our main proxy with ISA installed, there is a route table entry which represents traffic coming from the 192.168 subnet via the 172.16 NIC of the subnet proxy server, this points to the same interface as our normal default gateway (internal NIC of our main proxy/firewall server).

Thanks again,

Tony.


(in reply to tshinder)
Post #: 5
RE: Subnet internet access - 5.Sep.2006 2:51:40 PM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Tony,

OK, I'm still unclear where the ISA Firewalls are and the proxy servers you're using are.

Maybe you have a network diagram? Make sure to call out the ISA Firewalls and the proxy servers and how the ISA Firewalls are communicating with the proxy servers.

Thanks!
Tom


(in reply to tbryantasas)
Post #: 6
RE: Subnet internet access - 6.Sep.2006 1:51:28 AM   
tbryantasas

 

Posts: 8
Joined: 22.Aug.2006
Status: offline
Here is a Visio diagram of the setup. I hope this helps clarify things. I'm pretty new to this sort of project so might have jumbled things up a bit. Please use the link below.

Thanks for persisting,

Tony.

http://intranet.asas.qld.edu.au/public/staff/tbryant/subnet_map.gif

(in reply to tshinder)
Post #: 7
RE: Subnet internet access - 6.Sep.2006 2:46:45 PM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Tony,

Is this a trihomed ISA firewall configuration?

It's hard to tell how many NICs the ISA firewall on the right has.

Thanks!
Tom


(in reply to tbryantasas)
Post #: 8
RE: Subnet internet access - 7.Sep.2006 3:33:25 AM   
tbryantasas

 

Posts: 8
Joined: 22.Aug.2006
Status: offline
It is an edge firewall. The subnet proxy is not directly connected to the ISA firewall, it is connected to a switch in our internal network. The ISA firewall computer has 3 NICs (Internal (Internal LAN and subnet), External (Internet), Wireless LAN (out of this equation)).

Cheers,

Tony.

(in reply to tshinder)
Post #: 9
RE: Subnet internet access - 7.Sep.2006 3:13:49 PM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Tony,

So, the one on the right is trihomed? I don't see the three IP addresses bound to that ISA firewall.

Thanks!
Tom


(in reply to tbryantasas)
Post #: 10
RE: Subnet internet access - 8.Sep.2006 2:48:10 AM   
tbryantasas

 

Posts: 8
Joined: 22.Aug.2006
Status: offline
Hi Tom,
I have changed the diagram to show all of the connections to the ISA server, you can use the same link above. I hope this helps. The wireless is configured as a separate network which was one of the reasons we upgraded to 2004 for that multiple network functionality. Apart from that, the subnet setup is one we had going successfully under ISA2000 with the same design and a route table entry on the ISA server. There must be some kind of rule we have missed and unfortunately we can't refer back to it. The ISA 2004 import utility didn't really help us with the importing of our old settings from ISA2000, so we rebuilt the rule set. This subnet is our only stumbling block.

Regards,

Tony.

(in reply to tshinder)
Post #: 11
RE: Subnet internet access - 10.Sep.2006 6:01:38 PM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Tony,

OK, this is the Network within a network scenario. You need to include those 192.168 addresses in the definition of the ISA Firewall's default Internal Network and include a routing table entry on the ISA Firewall pointing to the back-end device as its gateway.

HTH,
Tom


(in reply to tbryantasas)
Post #: 12
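
Added example, not part of the original thread and not ISA Server's own logic: a small Python model of the two conditions named in post #12 for a network within a network, namely that the back-end client's address is inside the Internal Network definition and that the firewall's route to it points at the back-end gateway on the internal interface. The gateway 172.16.1.180 comes from the thread; the subnet masks, interface names, client address and 203.0.113.1 default gateway are assumptions made for the sample data.

```python
import ipaddress

# Constructed sample data. 172.16.1.180 is the back-end gateway named in the
# thread; masks, interface names and 203.0.113.1 are assumptions.
INTERNAL_IF = "internal"
BACKEND_GW = "172.16.1.180"
RANGES_BEFORE = [("172.16.0.0", "172.16.255.255")]
RANGES_AFTER = RANGES_BEFORE + [("192.168.0.0", "192.168.0.255")]
ROUTES_BEFORE = [
    ("0.0.0.0/0", "203.0.113.1", "external"),   # default route
    ("172.16.0.0/16", None, "internal"),        # on-link, no gateway
]
ROUTES_AFTER = ROUTES_BEFORE + [("192.168.0.0/24", BACKEND_GW, "internal")]


def in_ranges(addr, ranges):
    """True if addr falls inside any (first, last) address range."""
    ip = ipaddress.ip_address(addr)
    return any(ipaddress.ip_address(lo) <= ip <= ipaddress.ip_address(hi)
               for lo, hi in ranges)


def best_route(addr, routes):
    """Longest-prefix match over (destination, gateway, interface) rows."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen,
               default=None)


def check_backend_client(client, ranges, routes):
    """Return a list of mismatches; an empty list means both conditions hold."""
    findings = []
    if not in_ranges(client, ranges):
        findings.append("not in Internal Network definition")
    route = best_route(client, routes)
    if route is None:
        findings.append("no route to client")
        return findings
    _dest, gateway, iface = route
    if iface != INTERNAL_IF:
        findings.append(f"route leaves via {iface} interface")
    if gateway != BACKEND_GW:
        findings.append(f"next hop is {gateway}, not {BACKEND_GW}")
    return findings


if __name__ == "__main__":
    for label, ranges, routes in [("before", RANGES_BEFORE, ROUTES_BEFORE),
                                  ("after", RANGES_AFTER, ROUTES_AFTER)]:
        print(label, check_backend_client("192.168.0.25", ranges, routes))
```

Adding the address range without the route (or the reverse) still leaves a finding, which is why both changes are listed together.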
RE: Subnet internet access - 12.Sep.2006 4:40:24 AM   
tbryantasas

 

Posts: 8
Joined: 22.Aug.2006
Status: offline
Thanks Tom,
We already have those things in place. I double checked the settings in the route table and in the definition of the internal network on the ISA server. Still no luck.
In the diagram there is a text box below the ISA server with the route table entry that is put in, it refers to traffic coming from 172.16.1.180 under the 192.168.0 range.

Regards,

Tony.

(in reply to tbryantasas)
Post #: 13
