default gateway and routes

default gateway and routes - 15.Nov.2006 9:52:33 PM   
paul_psmith

 

Posts: 79
Joined: 2.Nov.2006
Status: offline
Here's an interesting one.
 
Our ISA server array will have one NIC in a DMZ and one NIC internal. The internal networks are 10.0.x.x up to 10.245.255.255. The DMZ will span 10.246.0.1 to 10.250.255.255. The internal interface will be on 10.245.128.x.
 
All of these have class C subnet masks.
 
The outside firewall is a PIX. The ISA server is an Exchange 2003 application firewall only for external users of POP3 and OWA.
 
I am having problems figuring out how to do the default gateway and routes to add for these servers. My thought is to set the default GW as the internal interface router, and add routes for the DMZ subnets to the DMZ interface. And then add the DMZ interface as the External network in ISA.
 
Am I missing something or does this make sense?
Thanks
Post #: 1
RE: default gateway and routes - 20.Nov.2006 9:56:12 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Paul,

It's critical that the ISA Firewall be in the path between the servers and the Internet, because of the security weaknesses well known with the PIX.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to paul_psmith)
Post #: 2
RE: default gateway and routes - 20.Nov.2006 10:10:37 AM   
paul_psmith

 

Posts: 79
Joined: 2.Nov.2006
Status: offline
Hey Tom,

The ISA server is in the path between the internet and the Exchange servers. It is just that there is a PIX before that and one side of the ISA server is between the PIX and the Exchange server:  internet<->PIX<->ISA<->Exchange FE.

My problem however is that my "DMZ" network between the PIX and the ISA server is 10.247.0.x/22, the network that the Ex FE servers sit on is 10.245.128.x/24 and all of my other internal networks are 10.x.x.x/24.

Don't ask me, I did not set it up, and I have no control at this point over why or when to use a PIX. That is a higher authority than mine. I don't have a desire at this point to argue the bad and the good of various hardware/software platforms.

I just need to get it working in this configuration.

What I have come up with, which is not optimal, but I think I can get it to work, is to make the external network be everything other than the Exchange server network, and make the Ex server network (10.245.128.x) be the internal network. All requests for POP3, OWA and client SMTP will go through the ISA firewall, even internal clients. This way I just have one subnet on the back of the ISA servers and if I need to add any specialty functions, I can add a new route.

Thanks
Paul

(in reply to tshinder)
Post #: 3
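
A way to sanity-check the layout described in post #3 before building it, as an added example that is not part of the thread or of ISA Server itself: it does a longest-prefix route lookup and confirms each address leaves through the NIC that belongs to its ISA network. The interface names, the default route via the DMZ NIC and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed routing table for the ISA host in post #3: (destination, NIC).
# NIC names and the default route via the DMZ NIC are assumptions.
ROUTES = [
    ("0.0.0.0/0", "dmz"),             # default gateway on the PIX side
    ("10.247.0.0/22", "dmz"),         # on-link: network between PIX and ISA
    ("10.245.128.0/24", "internal"),  # on-link: Exchange front-end subnet
]

# ISA network definitions from post #3: only the Exchange subnet is Internal,
# everything else (including the other 10.x.x.x/24 networks) is External.
ISA_INTERNAL = [ipaddress.ip_network("10.245.128.0/24")]
NIC_FOR_NETWORK = {"Internal": "internal", "External": "dmz"}


def egress_interface(addr, routes=ROUTES):
    """Pick the NIC by longest-prefix match over the routing table."""
    ip = ipaddress.ip_address(addr)
    matches = [(ipaddress.ip_network(dest), nic) for dest, nic in routes
               if ip in ipaddress.ip_network(dest)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def isa_network(addr):
    """Classify an address as Internal or External per the definitions above."""
    ip = ipaddress.ip_address(addr)
    return "Internal" if any(ip in net for net in ISA_INTERNAL) else "External"


def mismatches(addrs, routes=ROUTES):
    """Addresses whose route uses a NIC other than their ISA network's NIC."""
    return [a for a in addrs
            if egress_interface(a, routes) != NIC_FOR_NETWORK[isa_network(a)]]


# Constructed samples: Exchange FE, DMZ host, another 10.x client, Internet host.
SAMPLES = ["10.245.128.20", "10.247.1.5", "10.12.3.4", "198.51.100.7"]

if __name__ == "__main__":
    for a in SAMPLES:
        print(a, isa_network(a), egress_interface(a))
    print("mismatches:", mismatches(SAMPLES))
```

Passing a different `routes` list to `mismatches` shows which addresses would leave through the wrong NIC if the default gateway were moved to the other interface.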
