Designing Back-to-Back ISA Firewall & VLAN Routing

Discussion in 'Windows Networking' started by Habibalby, Jan 2, 2009.

  1. Habibalby

    Habibalby Guest


    Currently, I have an ISA Server 2004 STD Edition configured with 2 pNICs,
    External & Internal.

    IP Address:
    DNS: N/A

    IP Address:

    I have a Routing Switch that is configured with 4 vLANs. Switch IP Address


    I have set up another Virtual ISA Server to serve the vLAN3 segment &
    configured it with 2 vNICs;

    IP Address:
    DG: -> Internal Address of the Front-end ISA Firewall

    IP Address:
    DG: N/A

    1. In the Back-end ISA Server, I have created the ~ as a DMZ Network.
    2. Created a Route Relationship between default Internal Network behind the
    Back-end ISA Server and the DMZ Network
    3. For testing purposes, I have created a Computer-Set for the ESX Servers &
    DMZ Clients & Created Access Rule All Outbound Protocols from Default
    Internal Network behind the Back-end ISA Server to DMZ Network. And Added
    both elements in this Rule as a Source & Destination
    4. In the DMZ Clients, I removed the mask Static Route & added mask "External Interface of the Back-end ISA Server".
    5. Configured the Front-end ISA Server with the Default Internal Network
    behind the Back-end ISA Server "".
    6. Configured a Static Route entry in the Front-end ISA Server

    DMZ Client configured with:
    IP Address:
    S.M: 16 bit
    D.G: "Front-end ISA Server Internal Nic"

    As soon as I remove the Static Route mask from the DMZ Clients, I lose connectivity to the Network.

    While the mask is added, I can access to the without

    I want to be able to add the mask and apply Access Rules from DMZ --> Default Internal
    Network behind the Back-end ISA Firewall

    Any help?

    Habibalby, Jan 2, 2009

  2. I already dealt with this in the ISA Groups.

    Do not Multi-Post,...Cross-Post instead.

    Multi-Post = Identical (yet different) message posted to multiple groups

    Cross-Post = the same message posted to multiple groups via having multiple groups
    listed as recipients.

    With Cross-Posting, when a reply to the message is made the reply will show
    up in all groups that were affected so the conversation is unbroken.

    It is best to post in one group anyway and forget it. It is usually the same
    crowd of people answering the questions in many of the groups. We *will*
    see it,...if it should go into another group we will let you know.

    Phillip Windell

    The views expressed are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    Phillip Windell, Jan 2, 2009
