Routing to other internal networks via different internal router
Routing to other internal networks via different intern... - 14.Aug.2009 1:34:57 PM   
releaser
We have three sites all connected via VPN tunnels using Linksys VPN routers.

Our main network:
Network: 192.168.4.0/24
VPN Gateway: 192.168.4.1
ISA: 192.168.4.6
DHCP Leased Default Gateway for all clients on 4.0 network: 192.168.4.6

Other Networks:
Site1 Network: 192.168.2.0/24
Site 2 Network: 192.168.3.0/24

Now that everyone on the 4.0 network is set to go through 4.6 as the default
gateway, proxy and FWC, I'm having troubles connecting to the 2.0 and 3.0
networks. I know these networks are up and running because I can still ping
them fine using our DC which is still set to default out through
192.168.4.1.

I statically set routes in the ISA using the command prompt with the route
add -p command. I was able to ping the remote networks fine from the ISA
itself but clients on the network could not.

I tried setting up RRAS to just be a router and route to those destinations,
but this still didn't let the clients route to the remote networks.

On ISA, my internal network contains the range of 192.168.2.0-192.168.4.255
(initially but see below).

I tried setting the internal network to the range of 192.168.4.0-4.255 and
making two new networks with the ranges of 3.0-3.255 and 2.0-2.255. Then I
created a network rule to route where the source network was Internal and
the destination network was the network with the 3.0-3.255 range then tried
to ping an address on the 3.0 network. That didn't work either. I did this
with RRAS enabled and Disabled and either way mattered not.

So, what is the method I would use to set up the routing on the ISA box for
the clients to reach the 2.0 and 3.0 networks? Apparently ISA doesn't use
the routes added via the command prompt to route for clients behind the
firewall but does for itself, as long as the Internal network includes the
network you're pinging. I found that once I changed the 2.0-4.55 network
range for Internal to 4.0-4.255 (and before I created two more separate
networks of 2.0 and 3.0), I could no longer ping the other networks from
ISA.

TIA,
Jim
Post #: 1
RE: Routing to other internal networks via different in... - 17.Aug.2009 8:58:20 AM   
Rotorblade
Hi,

To properly set up routing through ISA you would need to add additional NICs, define a network object and IP range for each and then create access rules to allow the traffic. ISA has routing capability but its main function is a Firewall. Your options, other than above would be to either add persistent manual routes to all devices on the 4.0 network to the other subnets, or change the default route to use the VPN gateway instead of ISA and then configure each client as an ISA Firewall and Web Proxy client on the 4.0 network.

HTH

RB   

_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to releaser)
Post #: 2
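
The persistent-route option from the reply above, sketched as a Windows batch file for a client on the 4.0 network. This is an added example, not part of the thread: the addresses and /24 masks are the ones given in the first post, the variable name `VPNGW` is an assumption, and it must be run with administrative rights.

```batch
@echo off
rem Added example: send traffic for the two remote sites straight to the
rem VPN gateway (192.168.4.1) while the default gateway stays on ISA (192.168.4.6).
set VPNGW=192.168.4.1

for %%N in (192.168.2.0 192.168.3.0) do (
    rem "route print <destination>" lists only routes matching that destination.
    rem The spaces around the gateway stop 192.168.4.1 from matching a
    rem longer address such as 192.168.4.10 in the Interface column.
    route print %%N | find " %VPNGW% " >nul
    if errorlevel 1 (
        rem No route via the VPN gateway yet: add one that survives reboots.
        route -p add %%N mask 255.255.255.0 %VPNGW%
    ) else (
        echo Route to %%N via %VPNGW% already present
    )
)

rem Show the resulting entries, including the "Persistent Routes" section.
route print 192.168.*
```

The script can be run repeatedly, for example from a logon script, because it only adds a route when one via the VPN gateway is not already listed.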