Internet across subnets

[Sunderwood]

Hey all,

We have 4 Class b subnets on our network and we have an ISA server which supplies a backup broadband for (when) the LA broadband goes down.

The ISA server ip address is obviously setup on one of these subnets. But the issue is anyone on the other ip ranges is cannot access the internet from that isa server?

It was all working correctly until we re-installed it on the new range that we had setup?

i have specified all the internal network ranges.

Any help would be great!!


Thanks

[srochford]

The internal card on your ISA server needs route(s) specifying so that it can get to the other internal subnets (you don't want a default gateway because I'm guessing you already have one of those on the external card; 2 default gateways will give you grief).

Putting the subnets in ISA itself just says you'll accept requests from those but you've also got to tell the TCP/IP stuff how to get to/from your server

[Sunderwood]

mmm.. ive just created 4 entries for my subnets and then created a firewall policy to allow ping from these sources to local host.

Then went to my machine and ping the server and i am getting no reply?

any ideas?

[srochford]

on the ISA server, go to a command prompt and type

route print

and paste the output here. Do the same for a workstation which can't ping the ISA server.

It doesn't matter what you do in the ISA console - if you've not told the TCP/IP stack how to route packets in/out of the machine then nothing you've done in the ISA console makes any difference!

[SYNACK]

How is your central network routed, your best bet would be to configure your central router to use a routing protocol like RIP or OSPF and specify both gateways in its configuration with different priorities. This all hosts retain the same default gateway of the central routers interface in their subnet and the core router will switch to the second default gateway if the first is unreachable.

[Sunderwood]

ok i found the problem... but not the solution

when i put my default gateway back in the ip configuration for the internal card the internet and all other services are restored back to the other subnets.

Which is obvious i guess because without it in there the server would know how to transport packets to its own subnet, but can't transport packets back to the default gateway which then does the routing..

But this obviously is no a recommended ISA setup.. so has anyone got an idea how to configure this properly ?

regards

[SYNACK]

You will need to add static routes to your other subnets that point to your internal router that routes between subnets. Make sure that your other internal address spaces are configured as part of the ISA internal network and then add routes to the ISA box like this:

In a command window on the ISA box type:
route add 10.1.0.0 (internal-network) mask 255.255.0.0 (subnet-mask) 10.10.1.1 (default-gateway-for-address) -p (persistent)

ie:
route add 10.1.0.0 mask 255.255.0.0 10.10.1.1 -p
route add 10.2.0.0 mask 255.255.0.0 10.10.1.1 -p
route add 10.3.0.0 mask 255.255.0.0 10.10.1.1 -p
route add 10.4.0.0 mask 255.255.0.0 10.10.1.1 -p

If everything else is set up right this should work.