?
Solved

Adding Routes to ISA 2000

Posted on 2006-04-10
14
Medium Priority
?
200 Views
Last Modified: 2013-11-16
Ok, a new IP range has been added to our network. DHCP and DNS work fine in these computers but the computers with these new IPs (172.16.20x.xxx) cant PING my ISA server which is 172.16.101.xxx (internal). I am new to ISA so I am kind of stumped as of what to do. I added an entry in the LAT table in ISA management but doesnt seem to work. I added them recently, would I have to restart the services?

Thanks in advance.
0
Comment
Question by:Nauj
  • 5
  • 5
  • 4
14 Comments
 
LVL 8

Expert Comment

by:Saineolai
ID: 16419919
You may need to add a static route to that subnet via the local internal router, if your ISA box has its default gateway pointing to a local external router.

the route add command from a dos prompt will allow you to do this.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16420210
no, should not have to restart the services. (It should have prompted you when you saved the configuration if this was a requirement).
On the isa box, drop into a cmd windows.
type in
route print
Does this show your new network listed?
Can you ping a client on the new network subnet from the ISA box?

As above, there has to be tcpip connectivity between the ISA and all clients.
0
 

Author Comment

by:Nauj
ID: 16420630
When I do a route print the new entries I made in the LAT do not show up.

When I try to ping the client (or its gateway) I get Request Timed Out.

Does ISA 2000 prompt for configuration saving? I thought that was only in 2004.

Thanks again.
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16420687
No 2000 will ask for a services restart as and when needed. 2004 does the same but in a different way. if you do not have connectivity from the ISA box anyway then adding the subnet to ISA itself will make no difference; the connectivity must be there to start with.

So, if this is a new subnet, how does it get to the ISA (from a networking perspective? What is between the ISA server and this new subnet? As per Saineolai , is there a router/layer3 switch in between?

0
 

Author Comment

by:Nauj
ID: 16420865
Ok, there are basically 3 domains (w trust relationships and all that) each with a "core switch" that is connected by fiber to the other domains. The ISA is in my domain (I use the ISA fine and can ping the clients machine that is having problems with the ISA) and the client is in mine too but it has an IP belonging to the other domain (long story short, it had to be connected to a switch that goes to the other domain).

I dont know if all of that is clear but basically I (from my workstation) can ping both the ISA and the client and they can ping me but not each other.
0
 
LVL 8

Expert Comment

by:Saineolai
ID: 16420937
Can you post an IPCONFIG from your ISA server and the two PCs you are testing from?

This issue is most likely a routing issue between the ISA server and the PC on the other network segment.

0
 
LVL 8

Expert Comment

by:Saineolai
ID: 16420970
If there is an external address in the IPconfig you may want to change the first three octets of the addresses before posting.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16421002
I agree. This is not an ISA issue from what you are telling us but a more fundamental networking problem. We can help you sort it but I think your problem will be outside of ISA.
Regards
Keith
ISA MCT
0
 

Author Comment

by:Nauj
ID: 16421186
My station's IPCONFIG
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : x.local

        IP Address. . . . . . . . . . . . : 172.16.101.125

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 172.16.101.1

ISAs IPCONFIG

Windows IP Configuration

Ethernet adapter External:

 Connection-specific DNS Suffix  . :

   IP Address. . . . . . . . . . . . : xxx.xxx.xxx.145

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Default Gateway . . . . . . . . . : xxx.xxx.xxx.1

Ethernet adapter Internal:

Connection-specific DNS Suffix  . :

   IP Address. . . . . . . . . . . . : 172.16.101.123

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Default Gateway . . . . . . . . . :

The other stations IPCONFIG I cant get to right now (that office already left for the day) but it should look like:

Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : x.local

        IP Address. . . . . . . . . . . . : 172.16.203.xxx

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 172.16.203.1

I really appreciate the help
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16421222
So, how does the 172.16.203.0 network connect to the 172.16.203.0 network?
0
 
LVL 8

Accepted Solution

by:
Saineolai earned 1600 total points
ID: 16421552
I suggest that you add the following static route on the ISA server to the 172.16.203.0 network via 172.16.101.1

in a command prompt on the ISA server

route add 172.16.203.0 mask 255.255.255.0 172.16.101.1 -p

The -p makes it presist through reboots.
0
 

Author Comment

by:Nauj
ID: 16442698
Im currently out of the office, ill try it when I get back and let you know.

Thanks again.
0
 

Author Comment

by:Nauj
ID: 16482247
That worked perfectly Saineolai. The ISA and the users computer can now ping eachother.

I thank you both greatly for the help.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16482257
Ok, You're welcome anyway
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question