Our main office network is 192.168.9.0/24 and the branch office is 192.168.10/24, which is connected using a leased line router. The ISA server internal address in the main office is 192.168.9.1 and that of the leased line router to the branch office is 192.168.9.254. Our servers in the main office connect to the internet as NAT clients by specifying the ISA server internal IP 192.168.9.1 as their gateway. How can I configure my ISA server to forward all branch office traffic to the leased line router IP 192.168.9.254 without modifying anything on my NAT clients? I can easily do this by specifying a static route on the client side, but I want to achieve it by making the necessary configuration on the ISA server side for simplicity.
Many thanks for your response to my query. I have followed what you have mentioned. Now I am able to ping the branch office network from the ISA server itself but unable to ping the same from a NAT client. I looked at monitoring and it is mentioned that it was denied as per the default rule. I then created an access rule to allow all traffic from the internal network to the internal network, applied to all users, and it started working fine after that. I am not sure why I was required to create this rule and whether it will create any issue or will compromise security. I will appreciate your kind comments on it.
No, you will not compromise security, but ISA Server was designed to work as a firewall, not as a router. Assuming that your branch office is inside your Internal network, it is better not to use ISA Server to process internal traffic, but, of course, it is your choice. In your case, the better way could be to make the leased line router the gateway for the branch office. You can use AD policies to set static routes (on servers and PCs) to the specific branch office gateway, instead of having all internal branch office traffic go to ISA Server. Regards,
Eng. Hector Sanchez MCSE + Security 2000/2003 MCTS ISA 2004/ISA 2006
Thanks once again for your kind reply. Yes, I agree with you that ISA should not be used as a router. I am thinking of configuring RRAS on one of the servers and using it as a router. I will specify RRAS as the gateway on the clients after that instead of ISA. I will appreciate your views on this. I am not sure how we use Group Policy for specifying a route.
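
One way to push the static route through AD policies, as suggested earlier in the thread: an added example, not part of any post above. It is a computer startup script, assumed to be assigned through a GPO under Computer Configuration > Windows Settings > Scripts (Startup); the addresses are the ones given in the thread and the variable names are illustrative.

```batch
@echo off
rem Added example: idempotent startup script that sends branch office traffic
rem straight to the leased line router, so it never transits the ISA server
rem and no broad Internal-to-Internal allow rule is needed on the firewall.
setlocal
set BRANCH_NET=192.168.10.0
set BRANCH_MASK=255.255.255.0
set BRANCH_GW=192.168.9.254
set LOCAL_PREFIX=192.168.9.

rem Only act on machines that have an address on the main office subnet;
rem the router at 192.168.9.254 is not reachable on-link from anywhere else.
ipconfig | findstr /L /C:"%LOCAL_PREFIX%" >nul
if errorlevel 1 goto :eof

rem Nothing to do if a route to the branch network already uses the router.
route print %BRANCH_NET% | findstr /L /C:"%BRANCH_GW%" >nul
if not errorlevel 1 goto :eof

rem Remove any stale route to the branch network (for example one pointing
rem at the ISA server), then add the persistent route via the router.
route delete %BRANCH_NET% >nul 2>&1
route -p add %BRANCH_NET% mask %BRANCH_MASK% %BRANCH_GW%
if errorlevel 1 echo Failed to add route to %BRANCH_NET% 1>&2
endlocal
```

Startup scripts run as Local System, which has the rights `route -p add` needs; the default gateway on the clients stays 192.168.9.1, so only branch office traffic bypasses the ISA server.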