Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
RE: PIX, ISA, Internal Router, HELP!!!
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
RE: PIX, ISA, Internal Router, HELP!!! - 2.Feb.2006 12:05:15 AM
|
|
|
Collide.Six
Posts: 1
Joined: 1.Feb.2006
Status: offline
|
I would check that there isn’t an overlapping subnet configured somewhere in ISA. I saw an issue where a misconfigured subnet address was overlapping a subnet on another interface this caused ISA to act strangely.
|
|
|
|
|
RE: PIX, ISA, Internal Router, HELP!!! - 2.Feb.2006 2:43:29 PM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Mike,
Sorry for the delay. I'm on a travel jag now and will try to get this checked tonight.
So, just to be clear, you're able to connect, but you get intermittantly disconnected?
Thanks!
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: PIX, ISA, Internal Router, HELP!!! - 3.Feb.2006 2:23:46 AM
|
|
|
mdriest
Posts: 67
Joined: 18.Dec.2003
Status: offline
|
That is correct we are able to "route" outwards to the internet but we get intermittenly disconnected from active connections and at the time that happens we are unable to establish new connections for anywhere from 30 seconds - 2 minutes. This includes opening new connections like RDP to the outside world, internet explorer to various external web sites, Citrix Client for Payroll, etc.
|
|
|
|
|
RE: PIX, ISA, Internal Router, HELP!!! - 27.Mar.2006 8:18:39 PM
|
|
|
mdriest
Posts: 67
Joined: 18.Dec.2003
Status: offline
|
Tom,
We reverted everything back to a single subnet scenario for the time being until we could do some further testing.
A week or so ago I stumbled across the fact that ISA was setup with a 3-Leg Perimeter template. This was setup over 8 months ago when we were doing some testing with an Internet Only network.
Do you think that this would/could have been the cause for the intermitten time out issues we were having with traffic going outbound and also the server publishing rules?
Thanks,
Mike Driest
|
|
|
|
|
RE: PIX, ISA, Internal Router, HELP!!! - 28.Mar.2006 3:23:42 PM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Mike,
Possibly -- anytime I see a template used, I have to consider the rest of the configuration suspect.
Might be worth strating from scratch.
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: PIX, ISA, Internal Router, HELP!!! - 3.May2006 7:16:07 AM
|
|
|
mdriest
Posts: 67
Joined: 18.Dec.2003
Status: offline
|
Hi Tom,
I removed the 3-leg perimeter template around the end of March and I did some more testing with no success.
After looking over more network within a network and complex network diagrams, and also reading your book over again (the network within a network part) it hit me!
I knew exactly what we did wrong with our setup and ISA Server 2004.
We did not setup a stub subnet between the ISA Server and the Internal Layer 3 Switch. By that I mean the Internal IP Address of the ISA Server was on the same subnet as the server vlan.
I went ahead and setup a Firewall VLAN for ISA, reconfigured ISA's Internal IP Address and then also added the 0.0.0.0 0.0.0.0 route in our Layer 3 Switch to the ISA Server's new IP on the Firewall VLAN.
I then added the persistent routes to ISA for all of our Internal VLANS and also added these VLANS to the Internal Network in the ISA Server MGMT Console. Ofcourse we also changed the DG of all the Servers on the Server VLAN to the Layer 3 switch on the respected subnet.
This has been working flawlessly for 3 days now.
Thanks for your help,
Mike Driest
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
