Designing Back-to-Back ISA Firewall & VLAN Routing

Habibalby
01-02-2009, 07:22 AM
Hello,

Currently, I have an ISA Server 2004 STD Edition configured with 2 pNICs:
External & Internal.

External:
IP Address: 192.168.1.50/25
DG: 192.168.1.254
DNS: N/A

Internal:
IP Address: 128.104.30.12/16
DG:N/A
DNS: 128.104.30.40

I have a Routing Switch that is configured with 4 vLANs. Switch IP Address
128.104.145.149.

vLAN1: 192.168.1.0
vLAN2: 128.104.0.0
vLAN3: 172.16.20.0
vLAN4: 10.1.0.0

I have Setup another Virtual ISA Server to serve the vLAN3 segment &
configured it with 2 vNICs;

External:
IP Address: 128.104.30.30/16
DG:128.104.30.12 -> Internal Address of the Front-end ISA Firewall
DNS:N/A

Internal:
IP Address: 172.16.20.101/24
DG: N/A
DNS: 172.16.20.55

======================================
1. In the Back-end ISA Server, I have created the 128.104.0.0 ~
128.104.255.255 as a DMZ Network.
2. Created a Route Relationship between default Internal Network behind the
Back-end ISA Server and the DMZ Network
3. For testing purposes, I have created a Computer-Set for the ESX Servers &
DMZ Clients & Created Access Rule All Outbound Protocols from Default
Internal Network behind the Back-end ISA Server to DMZ Network. And Added
both elements in this Rule as a Source & Destination
4. In the DMZ Clients, I removed the 172.16.20.0 mask 255.255.255.0
128.104.145.149 Static Route & added 172.16.20.0 mask 255.255.255.0
128.104.30.30 "External Interface of the Back-end ISA Server".
5. Configured the Front-end ISA Server with the Default Internal Network
behind the Back-end ISA Server "172.16.20.0 172.16.20.255".
6. Configured a Static Route entry in the Front-end ISA Server 172.16.20.0
mask 255.255.255.0 128.104.30.30

DMZ Client configured with:
IP Address: 128.104.100.30
S.M: 16 bit
D.G: 128.104.30.12 "Front-end ISA Server Internal Nic"

As soon as I remove the Static Route 172.16.20.0 mask 255.255.255.0
128.104.145.49 from the DMZ Clients, I lost the connectivity to the
172.16.20.0 Network.

While the 172.16.20.0 mask 255.255.255.0 128.104.145.49 is added, I can
access the 172.16.20.0 without Restrictions.

I want to be able to add the 172.16.20.0 mask 255.255.255.0
128.104.30.30 and apply Access Rules from DMZ --> Default Internal
Network behind the Back-end ISA Firewall

Any help?

Thanks.
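
A routing-only model of the three client configurations described in the post above, added here as an example (it is not the poster's code or part of ISA Server). Addresses come from the post; the switch's routed interfaces and the choice of 172.16.20.55 as the destination are assumptions, and ISA access rules and the return path are not modeled.

```python
import ipaddress

# Who owns each gateway address (all taken from the post).
OWNER = {"128.104.30.12": "front-isa", "128.104.30.30": "back-isa",
         "128.104.145.149": "switch"}

# Routing tables as (prefix, gateway); gateway None means directly connected.
TABLES = {
    "front-isa": [("192.168.1.0/25", None), ("128.104.0.0/16", None),
                  ("172.16.20.0/24", "128.104.30.30"),   # step 6 in the post
                  ("0.0.0.0/0", "192.168.1.254")],
    "back-isa": [("128.104.0.0/16", None), ("172.16.20.0/24", None),
                 ("0.0.0.0/0", "128.104.30.12")],
    # Assumption: the routing switch has routed interfaces in vLAN2 and vLAN3.
    "switch": [("128.104.0.0/16", None), ("172.16.20.0/24", None)],
}

def client_table(static_gw=None):
    """DMZ client 128.104.100.30/16, optionally with the 172.16.20.0/24 route."""
    table = [("128.104.0.0/16", None), ("0.0.0.0/0", "128.104.30.12")]
    if static_gw:
        table.append(("172.16.20.0/24", static_gw))
    return table

def next_hop(table, dst):
    """Longest-prefix match; returns the gateway, or None if dst is on-link."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw) for p, gw in table
            if addr in ipaddress.ip_network(p)]
    if not hits:
        raise LookupError(f"no route to {dst}")
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def forwarding_path(static_gw, dst="172.16.20.55", max_hops=8):
    """Devices that forward a packet from the DMZ client to dst, in order."""
    tables = {**TABLES, "dmz-client": client_table(static_gw)}
    node, path = "dmz-client", []
    for _ in range(max_hops):
        gw = next_hop(tables[node], dst)
        if gw is None:
            return path            # dst is on-link from the last forwarder
        node = OWNER[gw]
        path.append(node)
    raise RuntimeError("routing loop")

if __name__ == "__main__":
    for label, gw in [("via switch", "128.104.145.149"),
                      ("via back-end ISA", "128.104.30.30"),
                      ("no static route", None)]:
        print(f"{label:18} -> {forwarding_path(gw)}")
```

In this model the static route through the switch is the only case where no ISA firewall forwards the packet, so no access rule is evaluated on that path.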
 
Phillip Windell
01-02-2009, 03:20 PM
I already dealt with this in the ISA Groups.

Do not Multi-Post,...Cross-Post instead.

Multi-Post = Identical (yet different) message posted to multiple groups

Cross-Post = the same message posted to multiple groups via having multiple
groups listed as recipients.

With Cross-Posting, when a reply to the message is made the reply will show
up in all groups that were affected so the conversation is unbroken.

It is best to post in one group anyway and forget it. It is usually the same
crowd of people answering the questions in many of the groups. We *will*
see it,...if it should go into another group we will let you know.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


"Habibalby" wrote in message:
> Hello,
>
> Currently, I have an ISA Server 2004 STD Edition configured with 2 pNIC's
> External & Internal.
>
> External:
> IP Address: 192.168.1.50/25
> DG: 192.168.1.254
> DNS: N/A
>
> Internal:
> IP Address: 128.104.30.12/16
> DG:N/A
> DNS: 128.104.30.40
>
> I have a Routing Switch that configured with 4 vLANs. Switch IP Address
> 128.104.145.149.
>
> vLAN1: 192.168.1.0
> vLAN2: 128.104.0.0
> vLAN3: 172.16.20.0
> vLAN4: 10.1.0.0
>
> I have Setup another Virtual ISA Server to serve the vLAN3 segment &
> configured it with 2 vNICs;
>
> External:
> IP Address: 128.104.30.30/16
> DG:128.104.30.12 -> Internal Address of the Front-end ISA Firewall
> DNS:N/A
>
> Internal:
> IP Address: 172.16.20.101/24
> DG: N/A
> DNS: 172.16.20.55
>
> ======================================
> 1. In the Back-end ISA Server, I have created the 128.104.0.0 ~
> 128.104.255.255 as a DMZ Network.
> 2. Created a Route Relationship between default Internal Network behind the
> Back-end ISA Server and the DMZ Network
> 3. For testing purposes, I have created a Computer-Set for the ESX Servers &
> DMZ Clients & Created Access Rule All Outbound Protocols from Default
> Internal Network behind the Back-end ISA Server to DMZ Network. And Added
> both elements in this Rule as a Source & Destination
> 4. In the DMZ Clients. I Remove the 172.16.20.0 mask 255.255.255.0
> 128.104.145.149 Static Route & Added 172.16.20.0 mask 255.255.255.0
> 128.104.30.30 "External Interface of the Back-end ISA Server".
> 5. Configured the Front-end ISA Server with the Default Internal Network
> behind the Back-end ISA Server "172.16.20.0 172.16.20.255".
> 6. Configured a Static Route entry in the Front-end ISA Server 172.16.20.0
> mask 255.255.255.0 128.104.30.30
>
> DMZ Client configured with:
> IP Address: 128.104.100.30
> S.M: 16 bit
> D.G: 128.104.30.12 "Front-end ISA Server Internal Nic"
>
> As soon as I remove the Static Route 172.16.20.0 mask 255.255.255.0
> 128.104.145.49 from the DMZ Clients, I lost the connectivity to the
> 172.16.20.0 Network.
>
> While the 172.16.20.0 mask 255.255.255.0
> 128.104.145.49 is added, I can access to the 172.16.20.0 without
> Restrictions.
>
> I want to be able to added the 172.16.20.0 mask 255.255.255.0
> 128.104.30.30 and apply an Access-Rules from DMZ --> Default Internal
> Network behind the Back-end ISA Firewall
>
> Any help?
>
> Thanks.



 