ISA with multiple subnets (Full Version)

All Forums >> [ISA Server 2004 General ] >> Installation



Message

nabreu -> ISA with multiple subnets (26.Jun.2008 6:20:22 AM)

Hi!
I have the following problem that i canīt find a solution.
I have 1 SBS server IP 192.168.92.200 and a ISA server with 1 NIC IP 192.168.92.205.
SBS has Exchange, DHCP, DNS and RAS (I think that the problem might be here. RAS should probably be configured on server with ISA)
ISA is configured as web proxy only.
There are 3 subnets: 192.168.92.*;192.168.93.*;192.168.94.*
All workstations on all subnets have no problems accessing the servers.
Workstations can only access resourses on other workstaions on itīs own subnet.
Ex. WS in 192.168.92.* canīt access WS in 192.168.93.*, but have no problems accessing WS in 192.168.92.*.
Iīve done tests and itīs ISA that is doing this. The error is 0xc0040017 "A non SYN packet was dropped because it was sent by a source that does not have an established connection with the ISA Server computer".

Can someone please help on what can be causing this ?
Thanks!



Rotorblade -> RE: ISA with multiple subnets (26.Jun.2008 1:35:46 PM)

Hi,

Are the sub's defined/included in the ISA internal network range?

Do you have persistent static routes defined in the ISA’s routing table for each subnet?

HTH

RB



Rotorblade -> RE: ISA with multiple subnets (26.Jun.2008 5:31:07 PM)

quote:


Workstations can only access resourses on other workstaions on itīs own subnet.
Ex. WS in 192.168.92.* canīt access WS in 192.168.93.*, but have no problems accessing WS in 192.168.92.*.


What R U using for the router?

quote:

 
Iīve done tests and itīs ISA that is doing this. The error is 0xc0040017 "A non SYN packet was dropped because it was sent by a source that does not have an established connection with the ISA Server computer".


If the above is true then don't use ISA as the router and the client's default GW! With running in "hork mode" SecureNAT is not supported!

quote:

 

referenced from:
http://www.microsoft.com/technet/isa/2004/plan/single_adapter.mspx

  • SecureNAT clients. SecureNAT clients use ISA Server as a router to the Internet, and SecureNAT client requests are handled by the Firewall service. Because the Firewall service is not available in a single network adapter configuration, such requests are not supported.



    • quote:


    (I think that the problem might be here. RAS should probably be configured on server with ISA)


    Not a good idea!

    HTH

    RB



    Page: [1]