how to "ROUTE" between the 2 interfaces of ISA Server

[netrage]

HI buddies,


If i understand it correctly , the scenario is simple... pls correct me if i m wrong.




wkstn ----- switch --- ---------------- ISA ------------------------------------|X|---------Internet
192.168.1.0 192.168.1.5 192.168.123.5


this is perfectly all right, u r trying to run isa over a multihomed system, absolutely fine.
The easiest way , that i would do is -->

1 Try to see if my router is routing via protocol (probably rip) or nat.

2 simply type netsh in the cmd prompt on the ISA server OS ( which wud b something like 2000 or 2003 just a guess...)

3 prompt changes to netsh > type ? u will know the way to do it :-)

I hope thins will help you resolve your issue.

Explaination -> the router is fine and ISA is a multihomed system, using NETSH a hidden part of winodws 2k and later systems , you will be able to configure your device as router and that will automatically route your connected networks :-).

I m sure there can be better ways of doing it, but you might want to try this option if its only about testing.

regards

[sec_ware]

Now, I am a bit confused

Isn't the idea of the ISA to "check" the packages (whatever it is) before sending
it further ( usually intensiv "testing" from the outer world (north) to the inner world (south) )?

A very silly question, but currently I cannot test an ISA, and I do not know the"impact"
of installing an ISA by heart that well: Does a route like you describe not eventually bypass the
ISA server, such that its whole idea is gone? Actually, I don't think so, see below.
*end of very silly question*

Isn't the strategy to define within ISA how different "parts" of the network are in relation
to each other (of course, it might be that the ISA internally just creates a route according to
your suggestions)? Then any connection issue now is due to the configuration of the ISA.
It might be helpful if you could tell us, what exactly you want to test (just the firewall, or ... )?

Sorry, that I mess up that problematic even more.


/edit: Try also to configure your router to send everything (maybe after
its interal packet filtering if there is any) to the north-NIC of the ISA-Server, ie 192.168.123.5.

[netrage]

hi sec,

-- i know a bit about ISA , if i understand correctly, it monitors traffic for web request and applications and not the network. ( its not working at layer 3).

-- ISA will watc we requests, traffic on web (as much as i go , again i m not microsft expert ) so any request to internet that will go to ISA , it will actually check it.

-- You have to send data from internal network to external world, simply a route command to add

route add soure mask dest .. should do.

-- We have an internal network and an external network , so actually we will have to Translate the internal network so that it can go to the external network.. (NAT).

Perhaps if we get the complete info. like os ver. , router model, i could try and recreate it and let him know.

rgds

[tanbetien]

Thanks all for your help
Actually, I'm doing this testing so that I can implement the real ISA Server system for my company's server network.
ISA Server 2004 is running on Windows 2003
At my company's server network, all the IP addresses of the servers are public (not private addresses like what I'm testing).
And there is a problem I'm not so sure: some of you suggest that I type the command "route...", I wonder where I can type that command? It is because when I tried creating the relationship as "ROUTE" between the internal network and the external network, I saw that the internal network can connect to the external network and connect to the internet. And I guess I also have to do this action: adding a static route to the router, indicating the gateway that leads to the internal network. I'm not so sure if I have to specify this static route when using the ISA Server, or the ISA Server will automatically talk to the router. Anyway, I'm still testing on that.
Weekend coming so fast.
Have a nice weekend everyone

[Ghost_25inf]

Whats the Default gateway?
Whats your subnet mask?

Sounds like you dont have the gateway set properly

[tanbetien]

For my testing case, the default gateway leading to the internal network is the external (north) interface of the ISA Server 192.168.123.5
Should I set this static route at the router above the ISA Server ?

[tanbetien]

Now my internal network (192.168.1.0)can access to the internet through the external network (192.168.123.0), but there is no DNS, although I defined the DNS Server address just as defined at the external gateway. Also, the external nework couldn't connect to the internal network, although it can ping only the internal interface of the ISA Server
Anyone know how to troubleshoot?
Thanks

[tanbetien]

Hi,
I hope MsMittens or someone can help me in this:
When the 2 interfaces of the ISA Server are assigned to the 2 IP addresses that belong to the same subnet, the internal network couldn't connect to the external network. And as a result, the internal network couldn't connect to the internet.
I specified the relationship as "ROUTE" between the internal network and the external network.
And I also asked about this matter in the ISA Server forum, but an expert guy answered that the 2 interfaces of the ISA Server must belong to 2 different network ID's. That really breaks my heart, because my company's server network has the public IP addresses which belong to only 1 network (subnet mask is: 255.255.255.248)
Please help, thanks

[tanbetien]

Below are the methods that I think of, but ISA Server couldn't do the routing
1) (router)***.208.240.1<--->***.208.240.2(ISA Server)***.208.240.3<--->Internal network (public IP addresses in the network ***.208.240.0, subnet mask: 255.255.255.224)
2) (router)192.168.1.1<--->192.168.1.2(ISA Server)***.208.240.1<--->Internal network (public IP addresses)

Anyone who knows the way?
Thanks