I have 3 NICs representing the internal, perimeter and external interfaces on the ISA Server 2004.
The configuration for the internal NIC is 192.168.0.3/24 GW 192.168.0.1, the perimeter NIC is 192.168.1.3/24 GW 192.168.1.1, and the external NIC has a public IP given by the ISP. Let's assume that the IP address is 192.168.100.243 GW 192.168.100.241.
Our internal clients have 3 subnets, 10.0.0.0/24 GW 10.0.0.1, 10.1.0.0/24 GW 10.1.0.1 and 10.2.0.0/24 GW 10.2.0.1, connected to a router which is configured as 192.168.0.1/24.
Our DMZ servers were configured using 172.16.0.0/26 GW 192.168.1.1 and are connected to a router (192.168.1.1).
I'm able to ping 192.168.100.241, 192.168.100.243 (other firewall outside interface), 192.168.0.1, 192.168.0.2 (other firewall inside interface), 192.168.1.1 and 192.168.1.2, but not 10.0.0.0/24, 10.1.0.0/24, 10.2.0.0/24 or any of the DMZ servers.
My suggestion would be:
1. Remove the gateways from the internal and DMZ network NICs; you only need one, on the external NIC.
2. Manually add the routes to your internal subnets using the route add command.
3. Alter the Internal Network to reflect all the subnets you are using internally.
4. Check the Firewall Security Policy to see whether you have applied the ICMP protocols to the networks you want to use it on.
Edit: Oh, and watch out with the 3-leg perimeter setup: it creates some NAT network rules between your networks. You might want to check whether you want it to be like this.
[ January 03, 2005, 01:25 PM: Message edited by: bas ]
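One way to carry out steps 1 and 2 of that suggestion on the ISA host, using the addresses from the original question; these are example commands added here, not from the thread, and the DMZ host address used for the final ping is assumed.

```batch
:: Added example (not from the thread): persistent static routes on the ISA Server 2004 host
:: so it can reach the subnets behind the internal and DMZ routers. Only the external NIC
:: (192.168.100.243) keeps a default gateway, 192.168.100.241; the internal and perimeter
:: NICs have no gateway configured (step 1, done in the NIC's TCP/IP properties).

:: Internal client subnets sit behind the router at 192.168.0.1 (reached via internal NIC 192.168.0.3)
route -p add 10.0.0.0 mask 255.255.255.0 192.168.0.1
route -p add 10.1.0.0 mask 255.255.255.0 192.168.0.1
route -p add 10.2.0.0 mask 255.255.255.0 192.168.0.1

:: DMZ servers (172.16.0.0/26) sit behind the router at 192.168.1.1 (reached via perimeter NIC 192.168.1.3)
route -p add 172.16.0.0 mask 255.255.255.192 192.168.1.1

:: Check: the 10.x routes should list 192.168.0.1 as gateway, the 172.16.0.0 route 192.168.1.1,
:: and the only 0.0.0.0 route should point at 192.168.100.241 on the external NIC.
:: Without these routes, traffic for 10.x and 172.16.x followed the default route out
:: the external interface, which is why those networks did not answer.
route print

:: Step 3 still has to be done in the ISA console: the Internal network definition must
:: include 10.0.0.0-10.2.255.255 as well as 192.168.0.0/24, or ISA drops the packets as spoofed.

:: Reachability check from the ISA host (router addresses from the question; 172.16.0.10 is assumed)
ping -n 2 10.0.0.1
ping -n 2 10.1.0.1
ping -n 2 10.2.0.1
ping -n 2 172.16.0.10
```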
Put a DNS server ONLY on the internal interface of the ISA firewall. Then configure the DNS server on the internal network to resolve both internal and Internet host names. Finally, create an access rule on the ISA firewall that allows the DNS server to resolve Internet host names.