
help with incoming connections

linuxbox (IS-IT--Management), Aug 18, 2004
Hello all. I'm very new to ISA Server, but I'm in a position where we have taken over a network that has an ISA 2004 server running on Server 2003 and a Cisco PIX firewall/router as well.
Let me tell you my basic problem, other than not knowing ISA Server ; )

All of the clients on the network have an IP address in the 192.168.1.X subnet, and they are all connected to a switch which is also connected to one network card of the ISA server, and that IP address is 192.168.1.1.

The OTHER network card in the ISA server has an IP of 192.168.11.2, and its default gateway is 192.168.11.1, which is the Cisco PIX Ethernet interface.

Now, the PIX also has two NICs, and the OTHER side of the Cisco PIX is what is connected to the Internet. It has a public, Internet-routable IP address, and there are no limiting access rules on that PIX... pretty much it's wide open.

So, OK. My issue is actually quite simple, so it seems. From the PIX I can ping 192.168.11.2 (the NIC on the ISA server that the PIX is connected to), but I need to allow incoming connections from the PIX to the internal network of the ISA server (the 192.168.1.X network). I have some servers internally and a few video cameras with internal IPs that can be remotely managed from the Internet. So, I need to be able to connect to the PIX's public IP address, which is no problem, and then have the PIX use its NAT to route the connections to the 192.168.1.X network on the ISA.

One thing I DID do that allowed me to ping 192.168.1.1 from the PIX:
I edited the 'system policy' of the ISA server to allow ICMP connections from the 192.168.11.0 subnet. So this lets me ping that one address; however, it's not allowing it any further... I can't ping any other 192.168.1.X address on the network, and that is where I'm stuck.

Not sure why this is so complicated, but can anyone help me on this? I'm really stuck here, and it just seems like such a simple thing to do, but I have no experience with ISA Server at all. I just need it to allow basically any traffic from my PIX (192.168.11.1) into the ISA server (192.168.11.2) and through to the 192.168.1.X network.

Can anyone help me with this?
 
You have 2 options:

1. Use the ISA box as a second FW to form your DMZ (which is a network between the PIX internal interface and the ISA external interface).
2. Use the ISA box as a router between the PIX and the internal network (with packet inspection, but not "really" like a protection mechanism).

Further ISA configuration depends on your choice.
What would you like to achieve?

Victor(MCS)
MCSA/MCSE:Security & Messaging;CNE;CCSE+;CIWSP;CIWSA;Network+;Security+;CCNA;nCSE;CISSP
 
It sounds like a back-to-back configuration, which means you are double NATing. This can be problematic.

You can forward the request from the WAN IP of the PIX to the DMZ IP of the ISA (192.168.11.x) and then have ISA forward the request to the appropriate LAN destination.

What purpose is the PIX serving? You could just remove it altogether and put ISA at the perimeter of your network. It is just as secure, if not more secure, than the PIX.

Since you are new to ISA, check out ISAServer.org. Lots of goodies on this site.
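To make the two-hop path in the reply above concrete (a PIX static translation to the ISA DMZ address, then an ISA publishing rule on to the LAN host), here is an added Python model that is not part of the thread and is not code from Microsoft or Cisco. It traces a constructed packet through both hops and also reproduces the poster's observation: with only the system-policy ICMP change in place, a ping from the PIX reaches the ISA server's own address but nothing behind it, because the ISA has no rule that forwards the traffic. The public address 203.0.113.5, the web server 192.168.1.10 and the camera 192.168.1.20 are constructed placeholders; the ISA and PIX addresses are the ones given in the original post.

```python
"""Trace a connection through the back-to-back PIX -> ISA layout from the thread.

Added example, not code from the thread. 203.0.113.5 (documentation range),
192.168.1.10 (web server) and 192.168.1.20 (camera) are constructed placeholders;
192.168.11.1, 192.168.11.2 and 192.168.1.1 are the addresses from the post.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    dport: int = 0      # 0 for icmp


@dataclass
class Device:
    """One NAT/firewall hop: its own addresses, what it forwards, what it answers."""
    name: str
    own_addrs: frozenset
    # (proto, dst_ip, dport) -> (new_dst_ip, new_dport): a static NAT / publishing rule
    forwards: dict = field(default_factory=dict)
    # (proto, dport) pairs the device itself answers (e.g. the ISA system-policy ICMP change)
    accepts_locally: frozenset = frozenset()

    def handle(self, pkt):
        """Return ("forward", rewritten_pkt), ("accept", pkt) or ("drop", pkt)."""
        key = (pkt.proto, pkt.dst, pkt.dport)
        if key in self.forwards:
            new_ip, new_port = self.forwards[key]
            return "forward", Packet(pkt.src, new_ip, pkt.proto, new_port)
        if pkt.dst in self.own_addrs and (pkt.proto, pkt.dport) in self.accepts_locally:
            return "accept", pkt
        # No translation and not addressed to a locally answered service: dropped
        return "drop", pkt


def trace(pkt, hops):
    """Walk the packet through hops in order; return (disposition, log lines)."""
    log = []
    for dev in hops:
        action, pkt = dev.handle(pkt)
        log.append(f"{dev.name}: {action} {pkt.proto} -> {pkt.dst}:{pkt.dport}")
        if action == "accept":
            return f"delivered to {dev.name}", log
        if action == "drop":
            return f"dropped by {dev.name}", log
    # Every hop forwarded, so the packet reaches the LAN host behind the last hop
    return f"delivered to {pkt.dst}:{pkt.dport}", log


PIX_PUBLIC = "203.0.113.5"   # constructed placeholder for the PIX outside address
ISA_DMZ = "192.168.11.2"     # ISA external leg, from the post


def build_hops(isa_publishes_web, isa_publishes_camera):
    """Build the PIX and ISA hops; the flags control whether ISA has publishing rules."""
    pix = Device(
        name="PIX",
        own_addrs=frozenset({PIX_PUBLIC, "192.168.11.1"}),
        forwards={
            # Static NAT on the PIX: inbound traffic for the public address goes to ISA's DMZ leg
            ("tcp", PIX_PUBLIC, 80): (ISA_DMZ, 80),
            ("tcp", PIX_PUBLIC, 8080): (ISA_DMZ, 8080),
            ("icmp", PIX_PUBLIC, 0): (ISA_DMZ, 0),
        },
    )
    isa_forwards = {}
    if isa_publishes_web:
        isa_forwards[("tcp", ISA_DMZ, 80)] = ("192.168.1.10", 80)
    if isa_publishes_camera:
        isa_forwards[("tcp", ISA_DMZ, 8080)] = ("192.168.1.20", 80)
    isa = Device(
        name="ISA",
        own_addrs=frozenset({ISA_DMZ, "192.168.1.1"}),
        forwards=isa_forwards,
        accepts_locally=frozenset({("icmp", 0)}),  # the system-policy ICMP allowance
    )
    return [pix, isa]


if __name__ == "__main__":
    hops = build_hops(isa_publishes_web=True, isa_publishes_camera=True)
    for pkt in (Packet("198.51.100.7", PIX_PUBLIC, "tcp", 80),      # web server via both hops
                Packet("192.168.11.1", ISA_DMZ, "icmp"),             # ping from PIX to ISA
                Packet("192.168.11.1", "192.168.1.20", "icmp")):     # ping from PIX into the LAN
        result, log = trace(pkt, hops if pkt.dst == PIX_PUBLIC else hops[1:])
        print(result, "|", "; ".join(log))
```

The `forwards` tables stand in for PIX static translations and ISA server-publishing rules; the model does not emulate either product's real policy engine. Its point is the second reply's structure: each hop needs its own rule, so a translation on the PIX alone lands traffic on the ISA's DMZ address and goes no further until the ISA also publishes the destination.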