ISA as default gateway with additional routers on internal Lan

ISA as default gateway with additional routers on inter... - 18.Jan.2006 12:50:39 PM   
rickuk99

 

Posts: 11
Joined: 10.Jan.2002
From: UK
Status: offline
Network as below,

ISA server 10.0.0.1 internal - xx.x.xx.xx external

Additional internal router on 10.0.0.4, which routes to sites on 192.168.0.x and 10.0.1.x

ISA server has routes set for 192.168.0.x and 10.0.1.x to go through the router on 10.0.0.4. All clients use ISA server as default gateway. The 2 internal networks are listed under internal networks on ISA server.

Clients at site 10.0.0.x can ping the other sites and vice versa. I want the ISA server just to route the packets to the additional router and not do any packet inspection. This does not seem to be the case, and even with rules set to allow all from internal to internal the ISA server is blocking some packets.

Any ideas on how to make the ISA just route internally?
Post #: 1
RE: ISA as default gateway with additional routers on i... - 18.Jan.2006 4:51:16 PM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
You should never loopback internal-to-internal.
quote:

Any ideas on how to make the ISA just route internally?

It's not going to happen.  ISA is and always will be a firewall.  You need to change your network layout so that you can put a router between the ISA and the clients and make that router the DG.

Why does the ISA need to be DG?  Do you absolutely need S-NAT?  Can you not use FWC and WP?

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to rickuk99)
Post #: 2
RE: ISA as default gateway with additional routers on i... - 21.Jan.2006 6:17:23 AM   
carorieta

 

Posts: 102
Joined: 15.Dec.2005
Status: offline
Hi rickuk99,

ISA doesn't need to inspect the traffic on your internal network; routing this traffic should be the responsibility of the ROUTER ONLY.
When you configured your hosts on 10.0.0.0 with DG = 10.0.0.1, you are forcing the ISA to act as a router.
You need to change their DG to the IP address of the router on that subnet (10.0.0.4). The router knows how to handle the traffic, and packets directed to 192.168.0.X and 10.0.1.X are able to reach their destination.
All you need to worry about, or ISA needs to worry about, is the internet traffic.

Your router needs to have the ISA server as the "gateway of last resource", meaning that any traffic that is not directed to the internal subnets should be sent to the ISA firewall.
On your router add the last resource gateway:
IP ROUTE ADD 0.0.0.0  0.0.0.0  10.0.0.1

The ISA already knows how to send traffic back to 10.0.1.X and 192.168.0.X (you said you configured ISA to send this traffic to 10.0.0.4)

And YES, ISA won't inspect your Internal traffic, ISA is not routing your internal traffic.

There is no need for an Internal to Internal rule.

Good luck my friend



_____________________________

carorieta

(in reply to rickuk99)
Post #: 3
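
Added example (not written by any poster in this thread): a small Python model of the topology from posts 1 and 3 that traces next hops to show which directions of an internal flow cross the ISA firewall for each choice of client default gateway. The /24 masks, the client 10.0.0.50, the remote hosts, the Internet address 203.0.113.10 and the `upstream` next hop are assumptions made for the illustration.

```python
import ipaddress

# Constructed model of the thread's topology. Assumed: /24 masks, the client
# 10.0.0.50 and the "upstream" next hop; other addresses come from the posts.
ISA, ROUTER, CLIENT = "10.0.0.1", "10.0.0.4", "10.0.0.50"
LAN, REMOTE = "10.0.0.0/24", ["192.168.0.0/24", "10.0.1.0/24"]

def table(on_link, default, static=()):
    """Routes as (network, gateway) pairs; gateway None means on-link."""
    routes = [(ipaddress.ip_network(n), None) for n in on_link]
    routes += [(ipaddress.ip_network(n), gw) for n, gw in static]
    return routes + [(ipaddress.ip_network("0.0.0.0/0"), default)]

def topology(client_gw):
    """Tables for client, ISA and router; only the client's gateway varies."""
    return {
        CLIENT: table([LAN], client_gw),
        ISA: table([LAN], "upstream", [(n, ROUTER) for n in REMOTE]),
        ROUTER: table([LAN] + REMOTE, ISA),
    }

def next_hop(routes, dst):
    """Longest-prefix match; returns the gateway, or dst itself when on-link."""
    addr = ipaddress.ip_address(dst)
    _, gw = max((r for r in routes if addr in r[0]), key=lambda r: r[0].prefixlen)
    return gw or dst

def path(tables, src, dst):
    """Follow next hops from src until dst or a node outside the model."""
    hops, node = [src], src
    while node in tables and node != dst:
        node = next_hop(tables[node], dst)
        hops.append(node)
    return hops

def firewall_view(client_gw, remote_host):
    """(ISA on request path, ISA on reply path) for a client-to-remote flow."""
    t = topology(client_gw)
    # The reply is traced from the internal router, where it re-enters the LAN.
    return ISA in path(t, CLIENT, remote_host), ISA in path(t, ROUTER, CLIENT)

if __name__ == "__main__":
    for gw in (ISA, ROUTER):
        print("client DG", gw, "->", firewall_view(gw, "192.168.0.10"))
    print(path(topology(ROUTER), CLIENT, "203.0.113.10"))
```

In this model, clients that use the ISA as default gateway send requests for the remote sites through it while the replies return from 10.0.0.4 directly on the LAN, so the firewall handles only one direction of each flow. With 10.0.0.4 as the clients' default gateway the ISA is on neither direction of internal traffic and remains on the path to the Internet.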
RE: ISA as default gateway with additional routers on i... - 21.Jan.2006 11:34:25 AM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi rickuk99,

You might also check out the following articles:

- http://isaserver.org/articles/2004netinnet.html 
- http://isaserver.org/articles/2004isafirewallnetworks.html 

HTH,
Stefaan

(in reply to carorieta)
Post #: 4
