ISA 2006 3-leg configuration question
Posted on 2008-10-01
Hi, I am trying to configure my 3-leg ISA server correctly.
First, the network:
Nic1: Internal (10.0.1.51) No Default Gateway, Internal DNS
Nic2: External (66.X.X.X) DG: ISP gateway NO DNS
Nic3: Perimeter (10.0.5.1) No Default Gateway, no DNS (for now)
After switching to the 3-leg template, I changed Perimeter->External to NAT and Perimeter->Internal to Route.
In the Network tab of ISA I checked that Internal sees 10.0.1.0 to 10.0.1.255 and Perimeter sees 10.0.5.0 to 10.0.5.255.
I added this range to the PING system policy for testing purposes.
I added these 2 test access rules:
- Allow, PING from Internal, to Perimeter, All Users (name of the rule: Test2)
- Allow, PING from Perimeter, to Internal, All Users (name of the rule: Test)
Now the ping results from a computer IN the Perimeter network:
- Ping the Perimeter NIC (10.0.5.1): Ping OK
- Ping the Internal NIC (10.0.1.51): Ping OK
- Ping another computer on the Internal network: Can't Ping
I get the same ping results from a computer inside the Internal network. I can ping all the ISA NICs but not a host in the other network.
I monitored the ISA log while doing a PING:
Original Client IP: 10.0.1.45
Client IP: 10.0.1.45
Destination IP: 10.0.5.44
Action: Initiated Connection
Result Code: 0x0 ERROR_SUCCESS
Source Network: Internal
Destination Network: Perimeter
Log Record Type: Firewall
I forgot to mention that the Perimeter and Internal NICs have their subnet mask set to 255.255.255.0; maybe that is the point?