Network with two gateways

  • General Discussion

  • Everyone, I will describe the current scenario and would like suggestions on how to resolve the situation:

    I have a network with an ISA Server 2006 that provides and controls Internet access (with IP 192.168.0.253) for the whole network. However, when any station on the network requests, in the browser, a public IP range (172.1.22.0/254), it must follow the route redirection made on the station with the DOS command add router etc. and must point to the gateway 192.168.0.254 (which links this network to another, external network via a dedicated link in the form of a VPN). Every other request must be directed to the ISA Server gateway (192.168.0.253).

    Today the ISA control is by the IP of each station and works normally; however, I need to integrate ISA with AD and therefore install the IsaClient on each station. When I do that, ISA blocks the access because the IP range (172.1.2.0/254) is restricted and I cannot get access via the Internet from anywhere else; I only get access through the router with the fixed IP 192.168.0.254 on the local network.

    Thanks in advance for your help.

     


    • Edited by Márcio Alves, Friday, July 29, 2011 01:41, typo in a word
    Thursday, July 28, 2011 19:20

All Replies

  • Hello Márcio,

    there are a few ways to make the Firewall Client recognize an address as "internal". See the link below:

    Firewall Client Local Addresses
    
     
    Whenever a Winsock application running on a Firewall client attempts to send a request to a computer, the Firewall Client layered service provider determines whether the destination IP address is local. If it is, the Firewall client sends the request directly to the destination. If the destination is remote, the request is sent to the Firewall service on an ISA Server computer, which handles the request in accordance with ISA Server access rules. By default, Firewall Client considers the following addresses as local:

    • All addresses on the network on which it is located. ISA Server supplies the set of IP address ranges included in the network to all Firewall clients residing in the network. These IP address ranges are stored in memory by the Firewall Client Agent.

    • All addresses specified in the local routing table on the Firewall client computer.

    • All domain suffixes specified on the Domains tab of the network properties page for the network in which the Firewall client is located. When Firewall clients connect to a domain specified in this local domain table, the request bypasses the Firewall client configuration. This enables such clients to connect directly to servers in the local network without looping back through ISA Server.

    • All IP addresses contained in a local address table (Locallat.txt), configured on the Firewall client computer. The Locallat.txt file may be created locally in the \Documents and Settings\All Users\Application Data\Microsoft\Firewall Client 2004 folder. When you create the Locallat.txt file, enter IP address pairs in the file. Each address pair defines either a range of IP addresses or a single IP address. The following example shows a Locallat.txt file that has two entries. The first entry is an IP address range and the second entry is a single IP address. Note that the second entry is an IP address and not a subnet mask:

      10.51.255.255 10.51.255.255
      10.52.144.103 10.52.144.103
    
    
    Request Handling
    
     
    The Firewall client deals with IP address requests as follows:

    • When a Winsock application on the client computer tries to connect to an IP address, the Firewall client examines the local domain table to determine whether the IP address is on the Internal network or is external to the network. If the domain name is found in the local domain table, name resolution is completed by the client. Otherwise, the client requests that ISA Server resolve the name on its behalf by passing the request to an external DNS server.

    • When client requests are resolved by ISA Server on behalf of the Firewall client, name resolution is completed in line with the DNS settings configured on the network adapter associated with the network on which the Firewall client request is received. The resolved IP address is returned to the Firewall client computer, which then sends a request to the destination. ISA Server caches the result of DNS queries it makes for Firewall clients, in accordance with the DNS Time to Live (TTL) settings configured for the network adapter.

    • After name resolution returns the IP address of the destination server, the Firewall client checks the local address table and Locallat.txt to determine whether the address is local. For internal addresses, the client connects directly. Otherwise, the request goes through the Firewall service on the ISA Server computer.
    
    Source: http://technet.microsoft.com/pt-br/library/bb794762(en-us).aspx

    Best regards,

     

    Paulo Oliveira.


    Questions, blog announcements, discussions about ISA/TMG: Join the ISA/TMG Firewall Admins Brasil group on LinkedIn: http://www.linkedin.com/groups?mostPopular=&gid=3774142

    Blog: http://poliveirasilva.wordpress.com

    TI Especialistas: http://www.tiespecialistas.com.br/author/paulo-oliveira/

     


    Friday, July 29, 2011 14:36
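
The Locallat.txt pair format described in the answer above, as an added example that is not part of the original thread and not Microsoft's code: every entry makes the Firewall client connect directly instead of going through the ISA Firewall service, so the sketch parses the file, flags malformed or overly broad entries, and models the local/remote decision for a destination. The sample file content, the `MAX_BYPASS` review threshold and the function names are assumptions constructed for illustration; the model covers only Locallat.txt, not the routing table or the ranges supplied by ISA Server.

```python
import ipaddress

# Constructed sample Locallat.txt content (not from the original thread).
SAMPLE_LOCALLAT = """\
172.1.22.0 172.1.22.255
10.52.144.103 10.52.144.103
10.60.0.9 10.60.0.1
192.168.0.300 192.168.0.301
10.0.0.0 10.255.255.255
"""
MAX_BYPASS = 65536  # assumed review threshold: flag ranges larger than a /16

def parse_locallat(text):
    """Return (ranges, problems); each range is an inclusive (start, end) pair."""
    ranges, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 2:
            problems.append((lineno, "expected two addresses"))
            continue
        try:
            start, end = (ipaddress.IPv4Address(f) for f in fields)
        except ipaddress.AddressValueError:
            problems.append((lineno, "invalid IPv4 address"))
            continue
        if end < start:
            problems.append((lineno, "end address below start address"))
            continue
        if int(end) - int(start) + 1 > MAX_BYPASS:
            # Still a valid entry, but it exempts a large block from ISA rules.
            problems.append((lineno, "range too broad, bypasses ISA access rules"))
        ranges.append((start, end))
    return ranges, problems

def is_local(dest, ranges):
    """True if dest falls in a listed range, i.e. the client connects directly."""
    addr = ipaddress.IPv4Address(dest)
    return any(start <= addr <= end for start, end in ranges)

if __name__ == "__main__":
    ranges, problems = parse_locallat(SAMPLE_LOCALLAT)
    for lineno, msg in problems:
        print(f"line {lineno}: {msg}")
    for dest in ("172.1.22.40", "8.8.8.8"):
        print(dest, "direct" if is_local(dest, ranges) else "via ISA Firewall service")
```
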
  • I didn't understand what you are asking for, Márcio.
    David Dellacenta || SonicWall-CSSA || http://daviddellacenta.wordpress.com ||
    Friday, August 5, 2011 16:28