• Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ISA 2004 Routing issues

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Network Infrastructure >> ISA 2004 Routing issues Page: [1]
Message << Older Topic   Newer Topic >>
ISA 2004 Routing issues - 11.Nov.2010 9:15:13 PM   


Posts: 1
Joined: 11.Nov.2010
Status: offline

I'm having issues getting ISA 2004 to route traffic to private IP address through the external interface. The attached image shows a basic netdiagram (editing out any real external IP addresses)

not shown in the image: the IPSEC network address is

both the frontend ISA and the cisco ASA have public IP addresses.

I have added the following static route to the ISA server:
route add -p mask

I can ping the ASA from the frontend ISA just fine, traffic passes from my internal network up to the frontend ISA just fine as well.

For the most part I get destination unreachable errors back from almost anything I do, I've tried adding the destination network to my "internal" networks in ISA as numerous posts around the internet have suggested (I dont think this is applicable in my case as I don't want ISA thinking this network is on it's internal side) but this still results in host unreachable errors.

Trace routes also produce the same "network unreachable" error when attempting to find a host in the 10.10.17.x network.

I've tried about every combination of settings withing ISA than I could think of and nothing has worked, does anyone see anything that immediately stands out as wrong (aside from the hub )

Thanks in advance,
Post #: 1
RE: ISA 2004 Routing issues - 19.Jul.2012 10:11:40 AM   


Posts: 14
Joined: 8.Nov.2011
Status: offline
I'm having a hard time here...

What re you trying to accomplish exactly!? Is the IPSEC a VPN connection? Is IPSEC part of the internal network?

From what you have here, ISA Front End has a PUBLIC IP address linked from the hub which also gives a PUBLIC IP to the CISCO ASA correct?

Now, you're trying to route PRIVATE (internal LAN traffic) through the Backend/DMZ/ Frontend to the Cisco ASA/IPSEC side?

If I've explained what i've gathered from your setup correctly, what you are trying to accomplish cannot be done!!!

You cannot "ROUTE" PRIVATE LAN IP traffic through a PUBLIC IP interface into another PUBLIC IP interface and down to that PRIVATE IP LAN.

What is the goal you are ultimately trying to accomplish?!? Is the segment known as "IPSEC Connection" your internal LAN?

Is the 172.x.x.x ALSO supposed to be an internal LAN connection?

If so, the connection needs to be made at the router level in order to route Private IP's to another lan segment containing private IP's. For example:

if i want my 192.168 segment to reach 172.16 segment via routing protocols, I would need a routing machine (router, ISA made into router, server with RRAS, etc).

(in reply to kfolks)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Network Infrastructure >> ISA 2004 Routing issues Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts