• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Routing removed after ISA edit

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> General >> Routing removed after ISA edit Page: [1]
Login
Message << Older Topic   Newer Topic >>
Routing removed after ISA edit - 26.Oct.2009 7:27:01 AM   
bbackx

 

Posts: 10
Joined: 26.Oct.2009
Status: offline
Hi,

One of our customers is using ISA. Because of some changes to the network, the ISA-server also needed to do some routing.
No problem: enabling Routing and Remote Access, adding some static routes, adding some IP-ranges to the internal network and you're good to go.

Well, not quite...

Indeed, enabling routing and remote access, adding the static routes and modifying ISA so the internal networks include some extra ranges does the trick.
However, when any changes are made in the ISA server and those changes are applied, the routing service is disabled and all static routes are removed.
So after every modification in the ISA firewall, routing and remote access has to be reconfigured again.

Has anyone has this issue? Or does anyone knows a solution?
The ISA server is version 4.0.2167.887, the windows server is Windows Server 2003 Standard Edition with Service Pack 2.
Post #: 1
RE: Routing removed after ISA edit - 26.Oct.2009 7:42:20 AM   
srjshiva

 

Posts: 28
Joined: 22.Dec.2008
Status: offline
Hi,


Any errors in eventvwr.


_____________________________

Regards,
Shiv

(in reply to bbackx)
Post #: 2
RE: Routing removed after ISA edit - 26.Oct.2009 8:33:43 AM   
bbackx

 

Posts: 10
Joined: 26.Oct.2009
Status: offline
Only that the Routing and Remote Access service was successfully sent a stop control, that it was stoppend and disabled (event ID's 7035, 7036 and 7040).
When I reconfigured and started the service, similar notices were logged (disabled to start, started, entered running state).

(in reply to srjshiva)
Post #: 3
RE: Routing removed after ISA edit - 26.Oct.2009 8:53:24 AM   
SteveMoffat

 

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
Have you enabled the RRAS service in the ISA MMC.


ISA is a firewall btw...not a router.

_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to bbackx)
Post #: 4
RE: Routing removed after ISA edit - 26.Oct.2009 9:14:49 AM   
bbackx

 

Posts: 10
Joined: 26.Oct.2009
Status: offline
IP routing is enabled in the IP Preferences configuration screen, don't know if there are other places where it should be enabled?

And I know that ISA is a firewall, but the current setup doesn't allow for any other solution :-(

(in reply to SteveMoffat)
Post #: 5
RE: Routing removed after ISA edit - 26.Oct.2009 9:17:25 AM   
SteveMoffat

 

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
When ISA is installed it takess over the RRAS servive in order to comntrol dial in VPN's. Any & all changes need to be done within ISA & command prompt route add's

Good luck...

_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to bbackx)
Post #: 6
RE: Routing removed after ISA edit - 26.Oct.2009 9:24:45 AM   
bbackx

 

Posts: 10
Joined: 26.Oct.2009
Status: offline
On a test environment, this went fine indeed.
However, on the production server, the routing only works when RRAS is enabled and configured.
(persistent routes are already added via command line)

(in reply to SteveMoffat)
Post #: 7
RE: Routing removed after ISA edit - 26.Oct.2009 9:30:19 AM   
SteveMoffat

 

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
Yep, you need to enable it & configure it from the ISA Management console.

_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to bbackx)
Post #: 8
RE: Routing removed after ISA edit - 26.Oct.2009 9:59:02 AM   
bbackx

 

Posts: 10
Joined: 26.Oct.2009
Status: offline
Perhaps a stupid question, but how do I enable and configure static routes from the ISA management console?
I can't seem to find it

(in reply to SteveMoffat)
Post #: 9
RE: Routing removed after ISA edit - 26.Oct.2009 7:55:21 PM   
Rotorblade

 

Posts: 1348
Joined: 27.Feb.2007
Status: offline
quote:


how do I enable and configure static routes from the ISA management console?



No option from the MMC; you have to add them using the ROUTE Add..... from the CLI. Be sure to use the the -p switch to make them persistent.

RB

_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to bbackx)
Post #: 10
RE: Routing removed after ISA edit - 26.Oct.2009 7:59:37 PM   
Rotorblade

 

Posts: 1348
Joined: 27.Feb.2007
Status: offline
How many NICs do you have installed and configured? The reason I asked, if you intend to use ISA as a router, you'll need a NIC for each subnet that is being routed through ISA. Not to mention, Access rules too.

RB

_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to Rotorblade)
Post #: 11
RE: Routing removed after ISA edit - 27.Oct.2009 10:36:27 AM   
bbackx

 

Posts: 10
Joined: 26.Oct.2009
Status: offline
I added the routes command line, but still RRAS has to be enabled and configured before the routing works.

I created an image with the simplified version of the setup:

The situation is actually a company network inside a bigger company (to make things easier) and 2 sites within that company (Internal Network 1 and 2). There is a VPN-tunnel between the 2 ASA's and some of the subnets of the company network should be reachable from within the internal networks.
If we let the ASA do the routing, we get problems with some protocols to the internet (searched for a solution with cisco tech-guys, didn't found one).
So now the ISA acts as router and everything works perfectly, as long as there are no modifications to the firewall settings.
When there's any modification in the ISA applied, RRAS is disabled and routing no longer works (even with the persistent routes added via command line).

(in reply to Rotorblade)
Post #: 12
RE: Routing removed after ISA edit - 28.Oct.2009 5:19:52 AM   
bbackx

 

Posts: 10
Joined: 26.Oct.2009
Status: offline
I've been testing some more today and it seems that the problem solved itself...
Very strange, don't really like the way this turned out, but as far as I can see, everything works fine.
Adding persistent routes command line is sufficient.

(in reply to bbackx)
Post #: 13
RE: Routing removed after ISA edit - 28.Oct.2009 10:05:47 AM   
Rotorblade

 

Posts: 1348
Joined: 27.Feb.2007
Status: offline
Well, good luck and judging from your illustration, I would recommend you do your customer a favor and have them invest in a good router. You have a network-behind-a-network scenario and with ISA acting as the router; it better be configured properly or your customer is in for so major issues.

RB

P.S
quote:


If we let the ASA do the routing, we get problems with some protocols to the internet (searched for a solution with cisco tech-guys, didn't found one).



With the VPN tunnels, using the ASA’s for routing would be an issue. and like ISA, it's a firewall. You also need to make sure that the gateway of last resort is set.


_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to bbackx)
Post #: 14
RE: Routing removed after ISA edit - 29.Oct.2009 10:57:46 AM   
bbackx

 

Posts: 10
Joined: 26.Oct.2009
Status: offline
Thanks, I guess
The following problem already showed up. Bad application this time, no ISA-issue.

(in reply to Rotorblade)
Post #: 15

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> General >> Routing removed after ISA edit Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts