[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

ISA filtering/routing

Posted on 2004-10-26
6
Medium Priority
?
254 Views
Last Modified: 2010-04-14
My situation is as follows:


Internet --- PIX --- ISA --- LAN


The PIX firewall outside interface is connected to the Internet.
ISA Server 2000 (2000 SBS Server) is connected via crossover cable to PIX inside.
ISA Server 2nd NIC is connected to LAN.
IP address of PIX outside is 1.1.1.2/30
IP address of PIX inside is 192.168.1.1/24
IP address of ISA outside is 192.168.1.2/24
IP address of ISA inside is 10.0.0.1/8
IP address of Terminal Server is 10.0.0.80/8
IP address of VPN client connected to PIX is 192.168.2.0/24

What I need to happen is for VPN client connected to the PIX (from Internet) with IP address 192.168.2.x be able to connect to Terminal Server 10.0.0.80 which is on the other side of the ISA box.

What routing/filtering/other do I need to setup/configure on the ISA box. Essentially what I want to do is to allow traffic from 192.168.2.x on the unsecure interface of the ISA box to be routed to the secure subnet (10.0.0.0) interface without being NAT'ed or anything else.

I am a quite proficient at routing/firewall/network config, but an ISA dummy, so concepts are ok, but don't assume I know how to do anything at all in ISA (ie. step-by-step would be nice). This is something I have inherited, I would choose to do things differently given the option to start again.

Thanks.

0
Comment
Question by:td_miles
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 2

Expert Comment

by:hanano
ID: 12413724
hi

you can't do that with isa 2000,because its always do nating ,can't routed but in isa 2004 you can do it
0
 
LVL 13

Author Comment

by:td_miles
ID: 12416514
ok, if thats the case,  what can I do to work around this ?
0
 
LVL 2

Expert Comment

by:hanano
ID: 12418751
can you explain more in detail what you want exactly
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
LVL 13

Author Comment

by:td_miles
ID: 12418898
I want a way for people who are connected to the PIX with the VPN client (and have IP address 192.168.2.x) to be able to connect to Terminal Services on IP 10.0.0.80.

Between the two lies the ISA server.
0
 
LVL 2

Accepted Solution

by:
hanano earned 2000 total points
ID: 12419638
you should publish your internal terminal server on isa
http://support.microsoft.com/default.aspx?scid=kb;en-us;294720 

regards
0
 
LVL 13

Author Comment

by:td_miles
ID: 12460565
managed to get it published finally (had outbound instead of inbound, DOH !).
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question