• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

NAT external address selection

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> General >> NAT external address selection Page: [1]
Login
Message << Older Topic   Newer Topic >>
NAT external address selection - 2.Dec.2005 3:08:37 PM   
jasho.mendinka

 

Posts: 4
Joined: 2.Dec.2005
Status: offline
Hi Folks,
I am configuring ISA Server 2004, running on Windows Server 2003 SP1 with updates from 30-NOV-2005 and I have a doubt with some specific NAT configuration. The machine has two networks interfaces. Internal interface address and netmask are 192.168.1.254 255.255.255.0.  On the external Interface I have two IP Addresses 172.16.0.233 and 172.16.0.243 and netmask 255.255.255.0


For normal Internet access from internal network machines, I would like NAT to use the external address 172.16.0.233, but, for all the connections directed at our partner company network (range 10.1.1.1/24), I would like ISA2004 to do the NAT using external address 172.16.0.243. Any hints?


I appreciate and help and would like to apologize for eventual double postings.


Best Regards,
Jasho Mendinka
 
Diagram

Internal Clients (192.168.1.1/24)
        |
        |
(internal IP 192.168.1.254)
[ISA 2004]
(external IPs 172.16.0.233, 172.16.0.243)
        ||
        ||--- Partner Company (only accepts connections from IP 172.16.0.243) 

        |
Internet (ISP)
 
 
 
Post #: 1
RE: NAT external address selection - 2.Dec.2005 3:42:25 PM   
ClintD

 

Posts: 1848
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
This is a highly requested feature, but ISAa 2004 cannot control the source IP of traffic initiated by an internal host. It will always come from the primary IP (the IP listed in the main dialog of TCP/IP properties).

(in reply to jasho.mendinka)
Post #: 2
RE: NAT external address selection - 2.Dec.2005 3:57:34 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Jasho,

you could solve your problem by changing your design as follows:



Internal --- [ ISA ] --- Internet
               !
               +------- Partner

So, put a third interface in the ISA and use that one to connect to your partner network. Of course, do *not* specify a default gateway on this interface and make sure you assign another Network ID to it. Next, define the necessary persistent static routes for the destinations reachable through this interface.

HTH,
Stefaan

< Message edited by spouseele -- 2.Dec.2005 3:59:40 PM >

(in reply to ClintD)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> General >> NAT external address selection Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts