1

I have a situation where I have and ISA 2006 server (on Win2k3) that has an internal and an externaly facing NIC's. All works fine but I need to add a couple of routes for the following reason:

  1. Our monitoring software is on a different network.
  2. Our Terminal server is on a different network.

Currently, access to the internet, through this proxy server, from the terminal server fails. Also, monitoring of the ISA server via a remote monitor or the installed agent talking to the remote monitor (BMC) also fails. The default enterprise rule on ISA blocks the traffic as I beleive it doesn't trust / know about those networks.

Here is my routing table: alt text

I need to add a couple of address, but this one being the main one: 192.168.245.137 / mask 255.255.255.192 / gateway 192.168.245.129

But I can't get it to work. Routing is not my strong point but at the moment have no one else available to help. Can you offer any assistance?

Please ask if you need more info

Massimo
  • 68,714
  • 56
  • 196
  • 319
Kip
  • 897
  • 1
  • 12
  • 22

1 Answers1

1

You should at least have posted your ISA Server's internal and (masked) external IP addresses, otherwise it's quite difficult to help you.

I'm assuming from your routing table that your ISA's internal IP address is 172.16.3.202, and your internal subnet is 172.16.0.0/255.255.240.0.

You said you want your ISA to be able to talk to the 192.168.245.137/255.255.255.192 network; that's ok, but the question here is: how is it going to reach it? In order to add a static route entry, you need a gateway address which can let you send packets to the destination subnet; but the gateway address needs to be on a subnet you can already reach; otherwise, how could you reach the gateway itself?

From what you have posted, it looks like 192.168.245.129 is the gateway's address on the remote subnet; this is totally useless to you: you need to know how that gateway appears on your subnet, and then use its address in your routing table entry.

Let's say that gateway has two addresses (because a router needs at least two network interfaces to be able to route anything): 192.168.245.129 on the remote subnet, and 172.16.2.42 on your subnet. Then, the route table entry you should add to ISA would say "you can reach 192.168.245.137/255.255.255.192 via 172.16.2.42"; the exact command to achieve this would be

ROUTE ADD -p 192.168.245.137 MASK 255.255.255.192 172.16.2.42

Substitute "172.16.2.42" with your gateway's actual IP address, and you should be up and running.

Massimo
  • 68,714
  • 56
  • 196
  • 319