• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Branch office routing for secure NAT client

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> SecureNAT Client >> Branch office routing for secure NAT client Page: [1]
Login
Message << Older Topic   Newer Topic >>
Branch office routing for secure NAT client - 2.Feb.2010 12:18:05 AM   
Sudev

 

Posts: 11
Joined: 17.Mar.2009
Status: offline
Hi,

Our main office network is 192.168.9.0/24 and branch office is 192.168.10/24 which is connected using leased line router. ISA server internal address in main office is 192.168.9.1 and that of leased line router to branch office is 192.168.9.254. Our servers in main office connects to internet as NAT client by specifying ISA server internal IP 192.168.9.1 as their gatewway. How can I configure my ISA server to forward all branch office traffic to leased line router IP 192.168.9.254 without modifying anything on my NAT client. I can easily do this by specifying static route on client side but I want to achieve it by making necessary configuration on ISA server side for simplicity.

Thanks and regards

Sudev
Post #: 1
RE: Branch office routing for secure NAT client - 3.Feb.2010 2:52:55 PM   
hrsanchez

 

Posts: 146
Joined: 30.Nov.2007
From: Argentina
Status: offline
Hi,


You have to:
1.- do static route in Isa server.
route add -p 192.168.10.0 mask 255.255.255.0 192.168.9.254
2.- Add 192.168.10.1-192.168.10.255 to Internal range in isa server.

Mantain ISA server internal IP (192.168.9.1) as gateway of servers.

Note: I am assuming that 192.168.10.0/24 IP segment are reachable from a Isa internal physical Nic.

Regards,

< Message edited by hrsanchez -- 3.Feb.2010 3:12:59 PM >


_____________________________

Eng.Hector Sanchez
MCSE + Security 2000/2003
MCTS Isa 2004/Isa 2006

(in reply to Sudev)
Post #: 2
RE: Branch office routing for secure NAT client - 4.Feb.2010 5:14:54 AM   
Sudev

 

Posts: 11
Joined: 17.Mar.2009
Status: offline
Hi,

Many thanks for your response to my query. I have followed what you have mentioned. Now I am able to ping branch office network from ISA server itself but unable to ping the same from NAT client. I looked at monitoring and it is mentioned that it was denied as per default rule. I then created access rule to allow all traffice from internal network to internal network applied to all users and it started working fine after that. I am not sure why was I required to create this rule and if it will create any issue or will compromise security. I will appreciate your kind comments on it.

Regards

Sudev

(in reply to hrsanchez)
Post #: 3
RE: Branch office routing for secure NAT client - 4.Feb.2010 8:25:39 AM   
hrsanchez

 

Posts: 146
Joined: 30.Nov.2007
From: Argentina
Status: offline
Hi Sudev,

No, you will not compromise security, but Isa server was designed to work as firewall, not as router.
Assuming that your branch office is inside your Internal network is better not use Isa server to process internal traficc, but, of course is your choice.
In your case, the better way could be do the leased line router the gateway for the branch office.
You can use AD policies in order to do static routes (in servers and pcs) to specific branch office gateway, instead doing all internal branch office trafic goes to Isa server.
regards,

Hector

_____________________________

Eng.Hector Sanchez
MCSE + Security 2000/2003
MCTS Isa 2004/Isa 2006

(in reply to Sudev)
Post #: 4
RE: Branch office routing for secure NAT client - 4.Feb.2010 2:57:32 PM   
Sudev

 

Posts: 11
Joined: 17.Mar.2009
Status: offline
Hi Hector,

Thanks once again for your kind reply. Yes I agree with you that ISA should not be used as router. I am thinking of configuring RRAS on one of the server and using it as router. I will sepcify RRAS as gateway from client after that instead of ISA. I will appreciate your views on this. I am not sure how do we use Group Policy for specifying route.

Regards

Sudev

(in reply to hrsanchez)
Post #: 5
RE: Branch office routing for secure NAT client - 4.Feb.2010 7:00:56 PM   
hrsanchez

 

Posts: 146
Joined: 30.Nov.2007
From: Argentina
Status: offline
Hi,

Yes ,I agree with you. This is a better and more elegant solution.
Regards,

Hector

_____________________________

Eng.Hector Sanchez
MCSE + Security 2000/2003
MCTS Isa 2004/Isa 2006

(in reply to Sudev)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> SecureNAT Client >> Branch office routing for secure NAT client Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts