stalliondz
asked on
ISA Traffic redirection (rules/Policies)
Hello,
We have ISA 2006 with 2 network interfaces configured as (External: 10.0.0.2/24) (Internal: 10.100.1.5/22).
The company users' gateway is set to 10.100.1.5, which will make ISA decide if the user has access to the internet and let it out or not.
We have another gateway, 10.100.1.254 (which is a Juniper firewall + VPN), and it is used to link our branch offices together.
The problem is that when a user tries to access a shared folder that is in a branch office (for example 10.100.30.2, which is a server in a branch office), he can't, because his gateway is 10.100.1.5, which is the ISA server and not the Juniper firewall.
Is there any way to make a rule in the ISA server that will see if the traffic destination is in (10.100.30.x) and forward it to the Juniper firewall (10.100.1.254), so that the user will have access to the shared folder in the branch office, and if the user's destination is anything other than 10.100.3.x, it should process it and let it through the normal policies and then through the normal interface (10.0.0.2)?
ASKER CERTIFIED SOLUTION
SOLUTION
route delete 10.100.30.0 mask 255.255.255.0 10.100.1.254
and you are welcome :)
ASKER
I have tried it. It didn't return any error, but it was still not working. I did some googling and voila: in addition to your command, I also had to add 10.100.30.0/23 to the internal network addresses, and it worked.
One last issue related to the same matter: if some day we decide to remove that, how can it be done, as it's from the CMD line and I can't see any changes in the rules/policies in the ISA main app? Now can we remove what I have just made (the static route that I have just created)?
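
Added example, not part of the original thread: a Python model of the two things that had to agree here, the Windows route lookup (longest-prefix match) and the ISA Internal network address ranges. Addresses come from the posts; the static route is inferred from the `route delete` line, the external default gateway is a placeholder, and treating ISA as classifying a destination purely by its configured address ranges is an assumption based on the asker's fix.

```python
import ipaddress

# Internal adapter address as stated in the question.
INTERNAL_IF = ipaddress.ip_interface("10.100.1.5/22")

# Modelled routing table: (destination, next hop, adapter).
# The default gateway is not given in the thread, so it is a placeholder.
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "EXTERNAL-GW-PLACEHOLDER", "external"),
    (ipaddress.ip_network("10.0.0.0/24"), "on-link", "external"),
    (INTERNAL_IF.network, "on-link", "internal"),
    # Static route inferred from the "route delete" line in the thread.
    (ipaddress.ip_network("10.100.30.0/24"), "10.100.1.254", "internal"),
]

# ISA "Internal" address ranges after the asker added 10.100.30.0/23.
ISA_INTERNAL = [INTERNAL_IF.network, ipaddress.ip_network("10.100.30.0/23")]


def lookup(dest, routes):
    """Return the most specific matching route (longest-prefix match)."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)


def isa_network(dest, internal_ranges):
    """Classify a destination the way the ISA network definition would (assumed)."""
    addr = ipaddress.ip_address(dest)
    return "internal" if any(addr in n for n in internal_ranges) else "external"


def audit(dest, routes, internal_ranges):
    """Return (next_hop, consistent): consistent is True when the adapter the
    routing table picks matches the network ISA assigns to the destination."""
    _, hop, adapter = lookup(dest, routes)
    return hop, adapter == isa_network(dest, internal_ranges)


if __name__ == "__main__":
    # Constructed sample destinations for illustration.
    for dest in ("10.100.1.20", "10.100.30.2", "10.100.31.5"):
        hop, ok = audit(dest, ROUTES, ISA_INTERNAL)
        print(f"{dest:<12} next hop {hop:<24} consistent={ok}")
```

With these values 10.100.30.2 passes both checks, while an address in 10.100.31.x falls inside the /23 range added to the Internal network but is not covered by the /24 route.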