Repost: Router on Internal LAN range - need to use AS WELL as ISA...

Hi all,

Hopefully not too strange a query here.

We have a nice working SBS2000 set-up here, Internet connection via 2nd NIC
and Broadband Router. We also have a PBX which also acts as a Router and
also provides some nice CTI functionality. Query is this:

We [or more specifically certain users on the LAN] need to be able to route
out via the PBX's integral router to certain customer sites. To access the
full CTI functionality of the PBX we need the PBX sitting on our INTERNAL
LAN range. By default obviously, any packets not destined for the internal
LAN get routed outwards by the Server - hence no routing to clients via the
PBX...

What I've done thus far is this:

1] Moved the PBX to our internal LAN [was previously sitting between the
external NIC and the Broadband Router - worked fine in that set-up but less
CTI functionality] and assigned it a fixed IP address on our LAN which is
reserved in the DHCP set-up on the SBS box. In the Router config on the PBX
I've entered a default route pointing at the Server's internal NIC address
so that any packets not for any of the PBX defined routes/addresses get
passed to the SBS box.

2] This has enabled the full CTI side - so far, so good

3] Re-ran the ICW and Internet access is working fine from both Server and
LAN clients

4] I've also amended the DHCP scope to have the PBX/Router as another Router
and moved this to be first in the list of router addresses provided via DHCP

5] From a standalone laptop without the ISA client, I can route to clients
via the PBX no problem - so it *appears* that the DHCP/routing side is
working fine

6] From LAN clients we *can* now ping remote clients using the PBX router,
whilst still having full Internet access via ISA and our broadband
connection

7] However, from my PC with the ISA client I cannot route via the PBX using
the PBX management software

8] If I connect a standalone laptop to our LAN side as a DHCP client, I
*can* use the PBX management software and route via the PBX router - only
change is that it does not have the ISA firewall client installed

I *think* that the ISA client *appears* to be the likely thing I need to
configure somehow but I'm unsure how to do so - can anyone provide any
pointers?

What I want [ideally] is to have all packets from any LAN clients going to
the PBX/Router initially and if they're destined for one of the remote
clients on that side, get routed by the PBX. If not, the packets should be
forwarded to the SBS box and dealt with as normal.

Or is what we're trying to achieve impossible?

Thanks in advance,



David

sam
Fri Nov 28 10:21:05 CST 2003

Hi David

I think that you encountered different behaviour from different clients of your LAN. I struggled with that for a long time

I used the ISA sessions monitoring tool to make sure that my clients were setup OK (showing as firewall Session only). The setting I use are
- firewall client: do NOT automatically detec
- TCP/IP in client's Networking config: all automatic and DNS server pointing to inner NIC of SBS server. Nothing else
- Internet explorer NOT automatically detect, use script and proxy, uncheck bypass for local
- ISA: Access Policy, Site and content rules, Backoffice.....rule, set to "any request" (not authenticated users

Two articles are of interest here: ISA for Dummies on www.sbs2000.info that explains all about the firewall client and the way they connect depending on network setting

And several articles on isaserver.or

However I needed quite some help from Chad Gross to have all apps run without problems...

Hope this helps, good luck
Sam

David
Fri Nov 28 16:18:03 CST 2003

OK - was on the money with it being the ISA Firewall Client - if I disable
this I can use the PBX program and the PBX routing fine. All I need to do
now is hopefully find some way of not having to manually disable each time -
is there a way I can set certain programs to not use the Firewall Client?

Cheers,



David



"Sam Jaarsma" <sam@grupoamengual.com.nospam> wrote in message
news:F8AAA702-D830-4510-B3CA-C8474D200091@microsoft.com...
> Hi David,
>
> I think that you encountered different behaviour from different clients of
your LAN. I struggled with that for a long time.
>
> I used the ISA sessions monitoring tool to make sure that my clients were
setup OK (showing as firewall Session only). The setting I use are:
> - firewall client: do NOT automatically detect
> - TCP/IP in client's Networking config: all automatic and DNS server
pointing to inner NIC of SBS server. Nothing else.
> - Internet explorer NOT automatically detect, use script and proxy,
uncheck bypass for local.
> - ISA: Access Policy, Site and content rules, Backoffice.....rule, set to
"any request" (not authenticated users)
>
> Two articles are of interest here: ISA for Dummies on www.sbs2000.info
that explains all about the firewall client and the way they connect
depending on network settings
>
> And several articles on isaserver.org
>
> However I needed quite some help from Chad Gross to have all apps run
without problems....
>
> Hope this helps, good luck!
> Sam

Chad
Fri Nov 28 17:39:04 CST 2003

Hi David -

Try this. On your SBS, open ISA Management and navigate to Servers & Arrays
| <servername> | Client Configuration. Double-click on Firewall Client & go
to the Application Settings tab. Click New, then enter the name of the
program's executable file (minus the .exe), key = disable, value = 1.
Refresh the firewall client on your workstation and see if that does the
trick.

--
Chad A. Gross [SBS-MVP]

SBS ROCKS!!!

"David Elders" <david.elders@akdsystems.co.uk> wrote in message
news:uEigz1ftDHA.3144@tk2msftngp13.phx.gbl...
> OK - was on the money with it being the ISA Firewall Client - if I disable
> this I can use the PBX program and the PBX routing fine. All I need to do
> now is hopefully find some way of not having to manually disable each
time -
> is there a way I can set certain programs to not use the Firewall Client?
>
> Cheers,
>
>
>
> David
>
>
>
> "Sam Jaarsma" <sam@grupoamengual.com.nospam> wrote in message
> news:F8AAA702-D830-4510-B3CA-C8474D200091@microsoft.com...
> > Hi David,
> >
> > I think that you encountered different behaviour from different clients
of
> your LAN. I struggled with that for a long time.
> >
> > I used the ISA sessions monitoring tool to make sure that my clients
were
> setup OK (showing as firewall Session only). The setting I use are:
> > - firewall client: do NOT automatically detect
> > - TCP/IP in client's Networking config: all automatic and DNS server
> pointing to inner NIC of SBS server. Nothing else.
> > - Internet explorer NOT automatically detect, use script and proxy,
> uncheck bypass for local.
> > - ISA: Access Policy, Site and content rules, Backoffice.....rule, set
to
> "any request" (not authenticated users)
> >
> > Two articles are of interest here: ISA for Dummies on www.sbs2000.info
> that explains all about the firewall client and the way they connect
> depending on network settings
> >
> > And several articles on isaserver.org
> >
> > However I needed quite some help from Chad Gross to have all apps run
> without problems....
> >
> > Hope this helps, good luck!
> > Sam
>
>

David
Sat Nov 29 06:09:07 CST 2003

Thanks Chad - did indeed. I'd actually messed around last night and found
this more by accident/hapy coincidence than anything else!

Does indeed seem to have solved the problem though...

Thanks again,


David

PS - thanks for the brief post recently noting the different ISA firewall
client icons showing the relevant status - had ALWAYS wondered about that
before and as to why it changed periodically through the day!



"Chad A Gross [SBS-MVP]" <chad.gross@laytonflower.nospam.com> wrote in
message news:#JfwxigtDHA.1680@TK2MSFTNGP12.phx.gbl...
> Hi David -
>
> Try this. On your SBS, open ISA Management and navigate to Servers &
Arrays
> | <servername> | Client Configuration. Double-click on Firewall Client &
go
> to the Application Settings tab. Click New, then enter the name of the
> program's executable file (minus the .exe), key = disable, value = 1.
> Refresh the firewall client on your workstation and see if that does the
> trick.
>
> --
> Chad A. Gross [SBS-MVP]
>
> SBS ROCKS!!!
>
> "David Elders" <david.elders@akdsystems.co.uk> wrote in message
> news:uEigz1ftDHA.3144@tk2msftngp13.phx.gbl...
> > OK - was on the money with it being the ISA Firewall Client - if I
disable
> > this I can use the PBX program and the PBX routing fine. All I need to
do
> > now is hopefully find some way of not having to manually disable each
> time -
> > is there a way I can set certain programs to not use the Firewall
Client?
> >
> > Cheers,
> >
> >
> >
> > David
> >
> >
> >
> > "Sam Jaarsma" <sam@grupoamengual.com.nospam> wrote in message
> > news:F8AAA702-D830-4510-B3CA-C8474D200091@microsoft.com...
> > > Hi David,
> > >
> > > I think that you encountered different behaviour from different
clients
> of
> > your LAN. I struggled with that for a long time.
> > >
> > > I used the ISA sessions monitoring tool to make sure that my clients
> were
> > setup OK (showing as firewall Session only). The setting I use are:
> > > - firewall client: do NOT automatically detect
> > > - TCP/IP in client's Networking config: all automatic and DNS server
> > pointing to inner NIC of SBS server. Nothing else.
> > > - Internet explorer NOT automatically detect, use script and proxy,
> > uncheck bypass for local.
> > > - ISA: Access Policy, Site and content rules, Backoffice.....rule, set
> to
> > "any request" (not authenticated users)
> > >
> > > Two articles are of interest here: ISA for Dummies on www.sbs2000.info
> > that explains all about the firewall client and the way they connect
> > depending on network settings
> > >
> > > And several articles on isaserver.org
> > >
> > > However I needed quite some help from Chad Gross to have all apps run
> > without problems....
> > >
> > > Hope this helps, good luck!
> > > Sam
> >
> >
>
>