Is anyone here good with ISA??? Having a bit of a nightmare at work and can't seem to get my head around why it is happening....
ISA sits between the Bolton LEA microwave link and our network, just upgraded from 200 to 2006, been done the ISA course during the summer so know the ins and outs. Trying to get access to our Exchange box from outside net... mail.harper-green.bolton.sch.uk (yeah check it, don't think the LEA have set up outside DNS right) that's not the point though, ISA external IP = 10.10.11.200, 255.0.0.0, internal networks are 2 cards, 10.15.1.1 and 10.12.1.201 for net and admin domains, set up ISA as LEA have asked with Exchange but not working, have a PC in the switch on external network which is set at 10.10.11.45 to see if I can see the ISA from the LEA network (we are the only school to break away and have our own isolated network) the IP doesn't work, can't ping the ISA box even though rules are set up to allow it, can see in log ping go into ISA but does nothing........... main reason am asking..... ISA throws a fit in alerts and says it's going to ignore spoof attacks from the 10 10- addresses on both the internal and external cards, i.e. why the ping packets are dropped by the ISA...
Anyone had a nightmare like this? Googled the errors and tried suggested things, cleared IP table etc......
external IP = 10.10.11.200, 255.0.0.0, internal networks are 2 cards, 10.15.1.1 and 10.12.1.201
Sorry, that's broken - you can't have 10.x.x.x addresses on the internal NICs when the external NIC has a 10.x.x.x address with a 255.0.0.0 netmask and expect it to work. That's telling the system that all addresses beginning with 10. live on the outside which is clearly not true in your case.
I'd make the netmask on the external NIC 255.255.255.0. Make sure the netmasks on the internal NICs do not have the same problem - the netmasks there should be 255.255.x.y where x.y depends on the number of PCs you have on each internal subnet.
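The overlap described in the reply above can be checked mechanically. The following is an added example, not code posted by anyone in the thread: it uses the addresses from the thread, assumes 255.255.0.0 on both internal NICs (the thread never states their netmasks), and uses 10.15.1.50 as a constructed internal client address.

```python
import ipaddress
from itertools import combinations

# Addresses from the thread. The internal /16 masks are an assumption:
# the thread never states the internal netmasks.
BROKEN = {
    "external": "10.10.11.200/255.0.0.0",
    "internal-net": "10.15.1.1/255.255.0.0",
    "internal-admin": "10.12.1.201/255.255.0.0",
}
# Same layout with the suggested 255.255.255.0 mask on the external NIC.
FIXED = dict(BROKEN, external="10.10.11.200/255.255.255.0")


def connected_networks(nics):
    """Map each NIC name to the subnet its address and netmask imply."""
    return {name: ipaddress.ip_interface(addr).network
            for name, addr in nics.items()}


def overlapping_nics(nics):
    """Return pairs of NIC names whose connected subnets overlap."""
    nets = connected_networks(nics)
    return [(a, b) for a, b in combinations(nets, 2)
            if nets[a].overlaps(nets[b])]


def owning_nics(nics, source_ip):
    """Return every NIC whose subnet claims source_ip.

    More than one owner means the firewall cannot tell which side the
    address lives on, so traffic arriving on the other NIC looks spoofed.
    """
    ip = ipaddress.ip_address(source_ip)
    return [name for name, net in connected_networks(nics).items()
            if ip in net]


if __name__ == "__main__":
    for label, nics in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, "overlapping NICs:", overlapping_nics(nics))
        # 10.10.11.45 is the test PC from the thread; 10.15.1.50 is constructed.
        for src in ("10.10.11.45", "10.15.1.50"):
            print("   ", src, "claimed by", owning_nics(nics, src))
```

With the 255.0.0.0 mask, the internal client address is claimed by both the external and an internal NIC; with 255.255.255.0 each address has exactly one owner.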
Yeah I thought it was that lol!! Tried the subnet mask of 255.255.252.0 and 255.255.255.0 on external card but internet dies for PCs, didn't reboot though with new IPs, will remote in and change it, or wait till Monday lol!! If I remote in and change and it doesn't work it's off till Mon morn lol!!! Cheers for your help, had an idea this was the problem, just wanted to get someone else's view on it to make sure I was correct
10.15.1.1 and 10.12.1.201 are both admin and curriculum networks but on the same infrastructure, admin is Active Directory with fixed IPs, curriculum is Active Directory, DHCP, DNS for both domains, as is the ISA. Bit of a pain network but it does work quite well, want to put all on 1 network but that's a task for the summer lol!!
Ok.. when you said the "internet dies" I had a momentary panic about how many bits were needed in the external NIC netmask. With that gateway address a 255.255.255.0 netmask seems correct i.e. will allow that side of the ISA box to find & talk to the gateway.
I'd go check the internal NIC netmasks are ok and probably do the initial ISA 2K6 configuration again (haven't done that for ages but it's the bit with the pictures where you choose your topology), then start looking at making rules permitting some LAN->WAN traffic.