Network behind Network I can't touch

Network behind Network I can't touch - 15.Mar.2005 5:49:00 AM   
bbroadfoot

 

Hi all,

I have this working for my ISA box but for a client's I can't seem to crack it.

Problem is thus - I have an ISA firewall (2 NICs) that is hanging off a PIX as essentially a Perimeter network. On the Internal network, there are a bunch of clients on multiple subnets that use one router that then points to the PIX as its default gateway.

When trying to get L2TP VPN with RADIUS working, I suspect that the client is hitting ISA, ISA is parsing the request to the IAS box which then attempts to route this back through its default gateway (namely the router) and a response never gets to ISA because the router doesn't know about it.

I figure I have a couple of options here:

1. Change the Default Gateway on the IAS box to the ISA box.

2. Add a second gateway on the IAS box pointing to ISA and have a static route to the ISA box for traffic to it only.

The ISA box 'knows' about the other subnets (loaded in at a route level and at an ISA level) so in theory I could get the DG changed and everything would be happy. The only problem is that there is yet another party involved who have already got a bit precious about me going around their beloved PIX.

So is the idea of having a static route to the ISA box going to work or am I going to have to change the DG on this box? Realistically there are only 2 boxes involved - one for RADIUS and one for OWA/OMA/Active-Sync.

Any ideas or help would be appreciated.

Yours Quizzically
B
Post #: 1
RE: Network behind Network I can't touch - 16.Mar.2005 1:55:00 AM   
bbroadfoot

 

Hmm, having read the posts at this forum things do not look promising at all.
It would seem from the above, if I am following correctly, that I can't rely on ISA to perform the routing that I require it to if it is to be the default gateway.
Therefore my only option, I believe, is to leave the router in between the servers and the PIX as the Default Gateway and have a static route to ISA as needed.
Anyone want to validate that?

(in reply to bbroadfoot)
Post #: 2
RE: Network behind Network I can't touch - 20.Mar.2005 4:28:00 AM   
WyldWolf

 

What's the default route on the router?

(in reply to bbroadfoot)
Post #: 3
