Network as below,
ISA server 10.0.0.1 internal - xx.x.xx.xx external
Additional internal router on 10.0.0.4, which routes to sites on 192.168.0.x and 10.0.1.x
ISA server has routes set for 192.168.0.x and 10.0.1.x to go through the router on 10.0.0.4 all clients use ISA server as default gateway. The 2 internal networks are listed under internal networks on ISA server.
Clients at site 10.0.0.x can ping the other sites and vice versa, I want the ISA server just to route the pakcets to the additional router and not do any packet inspection. This does not seem to be the case and even with rules set to allow all from internal to internal the ISA server is blocking some packets.
Any ideas on how to make the ISA just route internally?
ISA doesn't need to inspect the traffic on your intenal network, routing this traffic should be responsability of the ROUTER ONLY. When you configured your hosts on 10.0.0.0 with DG = 10.0.0.1, you are forcing the ISA to act as a router. You need to change their DG to the IP address of the router on that subnet (10.0.0.4), the router knows how to handle the traffic, and packets directed to 192.168.0.X and 10.0.1.X are able to reach their destination. All you ned to worry, or ISA needs to worry is about the internet traffic.
Your router needs to have the ISA server as the "gateway of last resource" meaning that any traffic that is not directed to the internal subnets, should be send to ISA firewall On your router add the last resource gateway: IP ROUTE ADD 0.0.0.0 0.0.0.0 10.0.0.1
The ISA already knows how to send traffic back to 10.0.1.X and 192.168.0.X (you said you configured ISA to send this traffic to 10.0.0.4)
And YES, ISA won't inspect your Internal traffic, ISA is not routing your internal traffic.