Secure Nat - ISA 2004

  • Secure Nat - ISA 2004

    Hi there...
    I have a network setup which is spanned into two routed subnets. In the Site A subnet (192.168.1.1/24) some of the servers should be configured as SecureNAT clients to successfully route the response back to the Internet through the ISA Server which is present in Site B (192.168.2.1/24). Details are given below.

    ** My DNS server is configured with Forwarders which use the ISP's DNS servers for resolving **
    ** At the ISA Server a persistent route is added with the subnet of Site A **

    DNS Server(IP:192.168.1.1/24, DG: 192.168.1.100)<-> (Site A) Router1 (IP: 192.168.1.100)<->(Site B) Router2 (IP: 192.168.2.100)<->ISA Server(WITH 2 Nics) (Nic1: IP:192.168.2.2 NIC2: RealIP with DG of Modem IP)

    At the command prompt of the DNS server I am unable to resolve using the NSLOOKUP command... Could anybody point out any mistake in my configuration?

    Thanks in advance.

  • #2
    Re: Secure Nat - ISA 2004

    Is the 192.168.1.x subnet also added to the Internal Network at the ISA server?
    Is the routing correctly in place between site A and site B?
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"


    • #3
      Re: Secure Nat - ISA 2004

      Yes... at the ISA Server I have added subnet 192.168.1.x... Between the subnets we are successfully sharing the files.

      Regards


      • #4
        Re: Secure Nat - ISA 2004

        Where have you added the 192.168.1.x/24 precisely?
        Have you created the correct access rules?
        Marcel

        • #5
          Re: Secure Nat - ISA 2004

          Thanks for your interest in my case... Please go through my exact configuration given below:

          Site A:
          192.168.2.0/24 Subnet
          Router1 IP: 192.168.2.254
          Configured Internal DNS Server only for Domain DNS resolution, Forwards to the ISP for internet name resolutions.

          DNS Server: (Configured as SecureNAT Client)
          IP: 192.168.2.1
          DG: 192.168.2.254


          ***********************
          Site B:
          192.168.1.0/24 Subnet
          Router2 IP: 192.168.1.254
          ISA Server:
          Nic1: 192.168.2.100
          Nic2: Public IP provided by ISP with Default Gateway as ADSL Modem
          Executed Following Command:
          Route Add 192.168.2.0 Mask 255.255.255.0 192.168.1.100 -p
          Configuration-Networks-Internal-Properties-Addresses-Add Range (192.168.1.1/24 and 192.168.2.1/24)
          Access rule defined by allowing DNS traffic from Internal to External

          Reference : http://technet.microsoft.com/en-us/l.../cc302676.aspx


          Regards,


          • #6
            Re: Secure Nat - ISA 2004

            OK, check the following:
            Nic1 ISA server: IP address 192.168.2.100.
            If he is in site B then he is in the wrong subnet.

            The route add command is incorrect.
            You should create a route to the next hop, in this case to router 2.
            Route Add 192.168.2.0 Mask 255.255.255.0 192.168.1.100 -p
            should become:
            Route Add 192.168.2.0 Mask 255.255.255.0 192.168.1.254 -p
            Marcel
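The two checks raised in post #6 (the NIC sitting in the wrong subnet, and the route pointing at something other than the next-hop router), written out as an added example that is not part of the original thread. The names `check_route` and `ROUTE_RE` are hypothetical; the addresses and the /24 prefix are the ones quoted in posts #5 to #7.

```python
import ipaddress
import re

# Windows syntax as used in the thread: Route Add <dest> Mask <mask> <gateway> -p
ROUTE_RE = re.compile(
    r"^\s*route\s+add\s+(\S+)\s+mask\s+(\S+)\s+(\S+)(?:\s+-p)?\s*$", re.I)


def check_route(command, interfaces):
    """Return a list of problems found in a 'route add' line.

    interfaces: the host's own NIC addresses as 'ip/prefix' strings.
    """
    m = ROUTE_RE.match(command)
    if not m:
        return ["cannot parse command"]
    dest = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
    gateway = ipaddress.ip_address(m.group(3))
    nics = [ipaddress.ip_interface(i) for i in interfaces]

    problems = []
    if any(gateway == n.ip for n in nics):
        # A gateway equal to a local NIC address is not a next-hop router.
        problems.append(f"gateway {gateway} is this host's own address")
    elif not any(gateway in n.network for n in nics):
        # The next hop must be reachable on a directly connected subnet.
        problems.append(f"gateway {gateway} is not on a connected subnet")
    for n in nics:
        if dest.overlaps(n.network):
            # A static route to a subnet the host already sits in is a
            # sign that a NIC address or the destination is wrong.
            problems.append(f"destination {dest} overlaps local {n.network}")
    return problems


ORIGINAL = "Route Add 192.168.2.0 Mask 255.255.255.0 192.168.1.100 -p"
CORRECTED = "Route Add 192.168.2.0 Mask 255.255.255.0 192.168.1.254 -p"

if __name__ == "__main__":
    # NIC1 as written in post #5, then as corrected in post #7.
    for nic in ("192.168.2.100/24", "192.168.1.100/24"):
        for cmd in (ORIGINAL, CORRECTED):
            print(nic, "|", cmd, "->", check_route(cmd, [nic]) or "ok")
```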


            • #7
              Re: Secure Nat - ISA 2004

              Thanks... sorry, the ISA IP is 192.168.1.100... Regarding Route Add, I will add it as per your line and get back to you soon...
