I have a situation I simply have been unable to figure out.
My ISA2004 Server is connected to the Internet via an ActionTec MI424WR Router (192.168.1.1). It hands out addresses to 2 Wireless laptops (192.168.1.3 & 192.168.1.4) that are also hardwired into my network (192.168.254.x) when they are in their docking stations.
I have 3 NICs in the ISA2004 Server.
NIC1: 192.168.1.2 is connected to the ActionTec Router (192.168.1.1). GWY: 192.168.1.1
NIC2: 192.168.254.219 is connected to an unmanaged switch on my LAN1. GWY: NONE. There are no connection problems/issues with this LAN.
NIC3: 192.168.0.2 is connected to a Linksys WRT54GS Router. GWY: NONE
The WRT54GS router has a WAN address of 192.168.0.1 GWY 192.168.0.2, a LAN address of 192.168.2.50 and hands out Wireless/DHCP addresses of 192.168.2.51-55. This device will not allow the WAN/LAN to exist on the same subnet.
NIC1 is the local host. NIC2 was added as an adapter to Internal.
No matter how I have added NIC3 (Internal or Perimeter) and set up a Routing Network Rule, any address handed out by the Wireless Routers (192.168.1.3, 192.168.1.3, 192.168.1.51) is rejected as 0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED. I also get rules denied on a RIP (520) protocol transaction from 192.168.1.50.
How do I set up NIC3? I know nothing about VPN (software/setup). I want the laptops on the 192.168.1.x & 192.168.2.x to participate in my internal network so they can see the 2 domains, do file sharing, etc. I have locked down my Wireless (no SSID broadcasting, WPA + AES, MAC only matching, etc.) so I am not terribly concerned about the security issues of wireless.
Does your router have NAT enabled? Looking at your IP range for your router's address 192.168.0.2 and seeing your laptop address range on a different subnet 192.168.1.X, it is not going to work because they are set up on 2 different subnets. NAT needs to do the translation between the subnets so the traffic can flow.
Disabling ISA 2004 Spoofing (Registry & required a server reboot)
Using 2 Wireless USB devices on my laptop. One connects to the Wireless on the ActionTec and one connects to the WRT54GS WAP. This gives me valid IP addresses on both domains on one computer. I can now do everything I want.
I had also done the Network/Network Rule incorrectly. Once I corrected this, ISA 2004 now sees my traffic the way I want it to.