Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

do I have to put an ip address for each network on my internal adapter?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Network Infrastructure >> do I have to put an ip address for each network on my internal adapter? Page: [1]
Login
Message << Older Topic   Newer Topic >>
do I have to put an ip address for each network on my i... - 8.Sep.2006 9:00:40 PM   
jwf1776

 

Posts: 7
Joined: 9.Feb.2004
Status: offline 		i'm confused by 2 isa configuration principles.

I've read on isaserver.org that a properly configured dual homed ISA box has no gateway on the internal adapter.

but when I configure the "internal network" setting for my new isa 2006 box to 10.0.0.0-10.255.255.255 it complains (in the event log) that there are "internal networks" that the internal adapter cannot route to and therefore these networks will be dropped as spoofed IPs.  My internal adapter is 10.254.1.249/255.255.0.0 with no gateway and we have many networks in the 10.x.x.x space.

do I have to put an ip address for each network on my internal adapter or is there an easier way to go about this?

thanks
Post #: 1
RE: do I have to put an ip address for each network on ... - 8.Sep.2006 9:07:43 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi jwf1776,

I suggest you first check out:
- http://isaserver.org/articles/2004netinnet.html 
- http://isaserver.org/articles/2004isafirewallnetworks.html

HTH,
Stefaan

(in reply to jwf1776)
Post #: 2
RE: do I have to put an ip address for each network on ... - 8.Sep.2006 9:34:25 PM   
jwf1776

 

Posts: 7
Joined: 9.Feb.2004
Status: offline 		i think the answer here is that i need to change my internal subnet mask to 255.0.0.0 so that my adapter doesn't need a internal gateway

(in reply to spouseele)
Post #: 3
RE: do I have to put an ip address for each network on ... - 8.Sep.2006 9:39:45 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi jwf1776,

maybe or maybe not... I can't tell you without more *exact* info about your network configuration. A little diagram with IP addresses can tell more than thousands words.
In any case, you should *not* have a default gateway on the internal interface. The default gateway should be configured *only* on the interface facing the external network (Internet).

HTH,
Stefaan

(in reply to jwf1776)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Network Infrastructure >> do I have to put an ip address for each network on my internal adapter? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts