Question

Locked

ISA Server with 3 NIC

By minhhiep.duong ·
Status: offline I have 3 NIC on my ISA 2k4 Standard version.

1. IP Address. . . . . . . . . . . . : 192.168.1.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
This address is provide by DHCP - ADSL modem (Im using PPPoE on ISA server)

2. IP Address. . . . . . . . . . . . : 172.17.1.1
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 172.17.1.11
This is LAN Interface (ISA server)

3. IP Address. . . . . . . . . . . . : 10.0.0.6
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . :
This is another internal network

Routing table

Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 222.254.192.233 222.254.192.233 1
10.0.0.4 255.255.255.252 10.0.0.6 10.0.0.6 20
10.0.0.6 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.0.0.6 10.0.0.6 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
172.16.0.0 255.255.0.0 10.0.0.5 10.0.0.6 1
172.17.0.0 255.255.0.0 172.17.1.1 172.17.1.1 20
172.17.1.1 255.255.255.255 127.0.0.1 127.0.0.1 20
172.17.255.255 255.255.255.255 172.17.1.1 172.17.1.1 20
172.18.0.0 255.255.0.0 10.0.0.6 10.0.0.6 20
172.19.0.0 255.255.0.0 10.0.0.5 10.0.0.6 1
172.20.0.0 255.255.0.0 10.0.0.5 10.0.0.6 1
172.21.0.0 255.255.0.0 10.0.0.5 10.0.0.6 1
172.30.0.0 255.255.0.0 10.0.0.5 10.0.0.6 1
192.168.1.0 255.255.255.0 192.168.1.10 192.168.1.10 20
192.168.1.10 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.10 192.168.1.10 20
222.253.64.1 255.255.255.255 222.254.192.233 222.254.192.233 1
222.254.192.233 255.255.255.255 127.0.0.1 127.0.0.1 50
222.254.192.255 255.255.255.255 222.254.192.233 222.254.192.233 50
224.0.0.0 240.0.0.0 10.0.0.6 10.0.0.6 20
224.0.0.0 240.0.0.0 172.17.1.1 172.17.1.1 20
224.0.0.0 240.0.0.0 192.168.1.10 192.168.1.10 20
224.0.0.0 240.0.0.0 222.254.192.233 222.254.192.233 1
255.255.255.255 255.255.255.255 10.0.0.6 10.0.0.6 1
255.255.255.255 255.255.255.255 172.17.1.1 172.17.1.1 1
255.255.255.255 255.255.255.255 192.168.1.10 192.168.1.10 1
255.255.255.255 255.255.255.255 222.254.192.233 222.254.192.233 1
Default Gateway: 222.254.192.233
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
172.16.0.0 255.255.0.0 10.0.0.5 1
172.19.0.0 255.255.0.0 10.0.0.5 1
172.20.0.0 255.255.0.0 10.0.0.5 1
172.21.0.0 255.255.0.0 10.0.0.5 1
172.30.0.0 255.255.0.0 10.0.0.5 1
172.18.0.0 255.255.0.0 10.0.0.6 20

PPPoE interface on ISA server (when it connect to the internet)
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 222.254.192.233
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 222.254.192.233
DNS Servers . . . . . . . . . . . : 203.162.4.190
203.162.4.191
NetBIOS over Tcpip. . . . . . . . : Disabled

My network

4 Subnet ? VLAN ? Cisco router ? GHDSL modem (bridge connection) <----> GHDSL modem (bridge connection) ? ISA server (1 subnet)

I have 2 office with A and B

Office A have 4 subnet from 172.16, 18, 19, 20.0.0
Office B have only one subnet 172.17.0.0

- The client on subnet 17 can access everything on subnet 16 but it can not use the inertnal website from any subnet else.
- I can ping or tracert event access to any server on office A to get file from client PC.
- At ISA server, I see that it can see access anything on subnet 16 but I just see the VLAN gateway from Cisco router

Tracert from client on office B
Tracing route to navigos-8417fca [172.18.1.79]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms ifw01.ngv.com [172.17.1.1]
2 6 ms 8 ms 4 ms 10.0.0.5
3 * * * Request timed out.
4 560 ms 565 ms 567 ms navigos-8417fca [172.18.1.79]

Tracert from ISA server on office B

Tracing route to navigos-2xsth6c [172.18.1.79]
over a maximum of 30 hops:

1 5 ms 5 ms 4 ms 10.0.0.5
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.

At ISA server I already created network, rule, and open all port for 2 internal traffic between 2 offices. All the users on office B can access to the internet without any problem.

I don?t know what wrong with that. Any idea???

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Cisco Router?

by CG IT In reply to ISA Server with 3 NIC

what is the configuration of the Cisco router? what model? 800 series?

it's possible that the problem isn't ISA rather at the Cisco router.

If your using an 800 series Cisco ADSL router on one subnet and ISA on another subnet, you have 2 firewalls in the mix. Cisco's IOS default Access list rules is that all traffic is blocked unless otherwise allowed.

Where are both firewalls in relation to each other on the network?

You can setup remote access on ISA running the remote access wizard which will configure ISA to allow inbound remote access clients based upon user group membership in Active Directory if your using AD. If not you have to specify which users will be granted remote access [secure NAT clients].

Cisco on the other hand, has to be configured with an access list which allows VPN remote access via PPTP, L2TP, IPSec etc based upon what protocol your going to use, who is allowed remote access [address or MAC based].

Collapse -

Cisco is not a problem

by minhhiep.duong In reply to Cisco Router?

I use Windows 2k3 to be a router. When i try to routing on it (without ISA)all the connection is go without any problem. After that, i install the ISA server, i just same problem that i show to you.

From the first time, i worry about my routing configuration on Windows then i was clean install then step be step to route traffic then it ran well (without ISA.

Something strangle here.

I was try to move the route on to another PC then ISA had just 2 NIC then it have no problem with traffic between these subnet.

Any idea?

Back to Networks Forum
3 total posts (Page 1 of 1)  

Related Discussions

Related Forums