Welcome to ISAserver.org

Trust domain on remote network

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Firewall] >> Network Infrastructure >> Trust domain on remote network

Page: [1]

Message

<< Older Topic Newer Topic >>

Trust domain on remote network - 20.Mar.2006 9:46:44 PM

xr7

Posts: 3
Joined: 3.Feb.2006
Status: offline

I have an ISA 2004 back end firewall. One of the internal networks contains my domain controller, on the 192.168.44.x network.
The ISA firewall has 4 interfaces, the ones relevant to my question are its external interface (192.168.151.x) and the internal interface on the 192.168.44.x network.
I am trying to trust a domain on an external (192.168.250.x) network ISA does not have an interface on this network, however its default gateway (192.168.151.1) has a route to the 192.168.250.x network.
So I have created an external network for the 192.168.250.x network, and created a NAT rule from the 192.168.44.x network to the 192.168.250.x network. I then configured an access rule to allow DNS from the 192.168.44.x internal network to the 192.168.250.x external network. When I attempt a DNS lookup from my DC on 192.168.44.x to a DNS server on 192.168.250.x I see that the DNS requst is denied when the ISA external IP attempts to send the NAT'd DNS request, the result code is UNREACHABLE ADDRESS. What have I done wrong?

< Message edited by xr7 -- 20.Mar.2006 11:48:45 PM >

Post #: 1

Featured Links*

RE: Trust domain on remote network - 21.Mar.2006 6:30:47 PM

tshinder

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi XR,

That error indicates that there is no route to the destination network ID.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to xr7)

Post #: 2