
routing question


Kris

Oct 17, 2001, 9:11:59 AM
We have the following (temporary) setup:

ISA server with 3 NICs:
- one internal nic connected to the local lan (private ip's)
- one external nic connected to a LL
- one external nic connected to an ADSL router

When we change the default gateway on the isa server from the IP address of
the LL router to the IP address of the ADSL router, all workstations access
the internet through our ADSL connection. Also, all outgoing mail is being
sent.

But here's the problem: incoming mail is being routed through our LL
connection and when our mailserver tries to respond to the incoming SMTP
traffic, the packets are going out through the ADSL connection and thus
never arrive at the 'LL provider'.

Can I force all SMTP packets to take the LL route?

Thanks!

--Kris


Peter

Oct 17, 2001, 12:16:35 PM
Yes, you can. You can create a static host route on your ISA server that
specifies that to get to 199.199.199.199 it must use the LL interface.
Here's an example:
Route add 199.199.199.199 mask 255.255.255.255 199.199.199.gw if 199.199.199.ISA

Route Print - Displays routing table
Route /? - for help

Alternatively you could run a dynamic routing protocol like RIP or OSPF,
which I would not recommend on an ISA server.

Finally, you could use a router with the DSL and LL connected to it. Then
have a single connection from ISA to the router and let the router decide
which path to take based on a dynamic routing protocol.

Of the three choices the host route above will be the simplest.

Good luck.

Peter

"Kris" <kris.van...@viveo-cognitive-systems.com> wrote in message
news:O9rieAxVBHA.2028@tkmsftngp07...

Kris

Oct 18, 2001, 9:50:10 AM
Peter,

Thanks for the info.

About solution 1 (adding a static route on the ISA server), I received the
following from someone else:

"ISA will not use two external interfaces, regardless of the gateway
settings you make."

Could this be right?

Thanks
Kris

"Peter" <spam...@tampabay.rr.com> wrote in message
news:D9iz7.389230$8c3.70...@typhoon.tampabay.rr.com...

Jim Harrison

Oct 18, 2001, 10:17:00 AM
Yes, it could. Many have tried (myself included). It's an unfortunate bug
in ISA.

--

Jim Harrison
MCP(NT4/2K), A+, Network+, PCG

"Kris" <kris.van...@viveo-cognitive-systems.com> wrote in message

news:ehTlBt9VBHA.992@tkmsftngp03...

Peter

Oct 18, 2001, 10:28:20 AM
This is correct regarding the default gateway settings in IP configuration.
However, this is not correct when you use a dynamic routing protocol or
properly configured static routes in the routing table. What I told you does
work.

Here's what happens. When you have two cards and enter a default gateway for
both of them, two default routes are created in the routing table. Like this:

Dest      Mask      Gateway        Interface
0.0.0.0   0.0.0.0   199.199.199.1  199.199.199.23
0.0.0.0   0.0.0.0   210.45.189.1   210.45.189.45

Since they are both default routes, the first one on the list is always used,
so it seems that ISA will not use the second NIC. But, if you have a more
specific route than the default then it is the preferred route and it will
be used instead of the default route. Remember, the default route is where
you send traffic that you don't know where it is supposed to go.

So, if you needed to send most of your traffic to the ISP whose router was
199.199.199.1 but still needed certain traffic to go to the other ISP's
router, you would enter something like this:

Dest      Mask             Gateway        Interface
0.0.0.0   0.0.0.0          199.199.199.1  199.199.199.23
8.4.5.2   255.255.255.255  210.45.189.1   210.45.189.45

With this routing table, almost all traffic will be sent to 199.199.199.1.
This is the default route. However, any traffic that is supposed to go to
the mailserver at 8.4.5.2 will get sent to the second ISP's router at
210.45.189.1, thus using the second NIC whose address is 210.45.189.45.

Good luck.

Peter

"Kris" <kris.van...@viveo-cognitive-systems.com> wrote in message

news:ehTlBt9VBHA.992@tkmsftngp03...

Jim Harrison

Oct 18, 2001, 10:39:34 AM
That's not the issue here. I wasn't questioning the ability of the TCP/IP
stack to route to specific destinations.
Also, two default gateways are only useful for dead gateway detection, which
is not usually supported by the "customer end" of the ISP routing plan.

The real problem here is that ISA packet filtering itself refuses any
non-local-subnet traffic from the "extra" external interfaces, labeling them
as "IP spoofs". ISA apparently believes that any "non-primary" external
interface is DMZ.
The only workaround I've heard of is to disable IP spoof detection and this
affects the whole ISA, not just that one interface. Needless to say, that's
not a good alternative for me or anyone else that's tried it.

--

Jim Harrison
MCP(NT4/2K), A+, Network+, PCG

"Peter" <spam...@tampabay.rr.com> wrote in message
news:8GBz7.363736$aZ.72...@typhoon.tampabay.rr.com...
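
Added example, not written by any poster in this thread: a small Python model of the two behaviours discussed above, the most-specific-route selection from Peter's second table and a strict reverse-path spoof check of the kind Jim describes. The /24 connected-subnet routes, the sample source 192.0.2.10, the function names and the check itself are assumptions for illustration, not ISA's actual implementation.

```python
import ipaddress

# Routing table from Peter's second example, plus two connected-subnet
# routes. The /24 prefix lengths are an assumption; the thread does not
# give the subnet masks of the external interfaces.
ROUTES = [
    ("0.0.0.0/0",        "199.199.199.1", "199.199.199.23"),
    ("8.4.5.2/32",       "210.45.189.1",  "210.45.189.45"),
    ("199.199.199.0/24", "on-link",       "199.199.199.23"),
    ("210.45.189.0/24",  "on-link",       "210.45.189.45"),
]
TABLE = [(ipaddress.ip_network(n), gw, ifc) for n, gw, ifc in ROUTES]


def lookup(dest):
    """Return (gateway, interface) of the most specific matching route."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in TABLE if addr in r[0]]
    # The 0.0.0.0/0 entry matches everything, so matches is never empty.
    _net, gw, ifc = max(matches, key=lambda r: r[0].prefixlen)
    return gw, ifc


def spoof_check(src, arrival_ifc):
    """Simplified strict reverse-path check (a model, not ISA's code):
    accept a packet only if the route back to its source leaves through
    the interface it arrived on."""
    return "accept" if lookup(src)[1] == arrival_ifc else "drop: IP spoof"


if __name__ == "__main__":
    # Constructed packets: (source address, interface the packet arrived on)
    samples = [
        ("8.4.5.2",      "210.45.189.45"),   # peer covered by the host route
        ("210.45.189.1", "210.45.189.45"),   # local subnet of the second NIC
        ("192.0.2.10",   "210.45.189.45"),   # arbitrary sender, second NIC
        ("192.0.2.10",   "199.199.199.23"),  # same sender, default-route NIC
    ]
    for src, ifc in samples:
        gw, out_ifc = lookup(src)
        print(f"{src:>13} in via {ifc:<15} reply via {out_ifc:<15} "
              f"-> {spoof_check(src, ifc)}")
```

In this model only sources covered by a route on the second interface pass the check there, so a host route helps for known peers but not for mail arriving from arbitrary senders.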
