• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

How do I set ISA2006 to route public IP addresses?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> General >> How do I set ISA2006 to route public IP addresses? Page: [1]
Login
Message << Older Topic   Newer Topic >>
How do I set ISA2006 to route public IP addresses? - 30.Dec.2008 6:35:09 AM   
cpjones1986

 

Posts: 2
Joined: 30.Dec.2008
Status: offline
Hi there,

Apologies for the long post. I am having a problem with deploying a new ISA 2006 server.

A while ago I setup an ISA 2006 server with 3 NICs which sits between the internet and two public subnets. Below is the configuration applied to this server:

- 1st NIC - WAN interface (IP assigned by ISP)
- 2nd NIC - Internal interface (60.244.55.8/30)* used to connect client machines
- 3rd NIC - Perimeter interface (60.244.54.0/29)* used to publish a few servers
* Note: not my real IP addresses. Ones that I came up with for the purpose of my illustration.

To further explain how I have the network setup, I have an image (lovingly handcrafted in paint) here > http://img139.imageshack.us/img139/5210/networkav3.jpg.

Under network rules, I have set all networks to route between one another. I have also disabled the Web Proxy for the Internal network. I can then set devices up on each particular subnet ok and publish services without a problem.

On my original ISA 2006 server setup some time ago, I was able to jump onto a machine on any subnet and visit the site www.myipaddress.com and see the IP address that has been set on that machine. For example; If Iím on a server in the Perimeter Subnet with the IP address of 60.244.54.4 and I visit the site www.myipaddress.com, the IP address that would come up is 60.244.54.4 which is what Iím after.

However, I have a new ISA Server that requires the same configuration yet it seems that there is some kind of address translation going on. Whenever I visit www.myipaddress.com from any machine within any subnet, it shows the IP address that my ISP has given me (IP address of the 1st NIC).

If from a machine with the IP address of 60.244.55.10 in the Internal Network visits a page on a server in the Perimeter Subnet, the IP address of the visiting client is that of the ISA server (being 60.244.54.1) and not 60.244.55.10.

I have compared the IP routing tables on both machines and they are exactly the same. I have also exported all the setting from the original ISA server and imported them into the new ISA server and this didn't resolve the problem.

Can someone please let me know what I am missing?? The only thing that I am now thinking of is that it's hardware related?? (Clutching at straws).

Hope this all makes sense. Please let me know if it doesnít.

Many thanks.
Post #: 1
RE: How do I set ISA2006 to route public IP addresses? - 30.Dec.2008 11:34:26 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
When connections go through the Web Proxy filter, then the connections are proxied (a coincidence? )

When connections are proxied, the original source IP address is replaced with the firewall's address.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to cpjones1986)
Post #: 2
RE: How do I set ISA2006 to route public IP addresses? - 31.Dec.2008 4:15:40 AM   
cpjones1986

 

Posts: 2
Joined: 30.Dec.2008
Status: offline
Thanks Tom!!
I attempted to disable the Web Proxy Filter at an array level and failed to do so. Realised that if enabled at an enterprise level, it could not be disabled at an array level (which is why my importing was not working!!).

All working as it should now. Many thanks for your response.

(in reply to tshinder)
Post #: 3
RE: How do I set ISA2006 to route public IP addresses? - 31.Dec.2008 9:07:01 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
You probably don't want to disable the filter for the entire firewall, since it's useful for Web Publishing Rules. However, if you're using the firewall only as a firewall, and not for any Web Proxy at all, then disabling the Web Proxy filter is a good thing.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to cpjones1986)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> General >> How do I set ISA2006 to route public IP addresses? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts