Good day to all of our netpros here!
I was at a client's site, and there are two scenarios. I would just like to know your take on this.
I did a network redesign for one of our clients. I created the 192.168.8.0 0.0.7.255 network (192.168.8.0 - 192.168.15.255) to replace the 192.168.2.0 network. All was going well inter-site, because they have one site in Alabang and one in Paranaque, all connected via leased line and running EIGRP. The problem is with their internet: they have an ISA server at the internet edge. With my current setup, I couldn't reach the internet via the 8.x to 15.x network. I then recreated the 2.x network, and it can go to the internet through the ISA server, which has an IP of 192.168.1.10.
With that, I am pretty sure that there is no issue with regard to inter-site routing, because it is impossible that the 2.x network takes a separate and different path from the rest of the subnets that I created on that site.
The problem is that Remote Desktop is not permitted, and ICMP packets, as well as traceroutes, are not even permitted on the ISA server, so troubleshooting is really a pain.
I ran packet sniffers from one client on the 192.168.2.x network and accessed the internet. I noticed that the client established a proper TCP three-way handshake, and fair enough, it did access the internet via the ISA proxy server-firewall.
I ran packet sniffers from one client on the 192.168.13.x network, which I created, and accessed the internet. I noticed that the clients send out ACK requests to the ISA server. However, I never saw a SYN, ACK coming back from the ISA server, thus the three-way handshake cannot be established. Is it possible that the ISA server doesn't recognize packets coming in from the new subnets that I created, thus dropping them right off the bat, and permitting only those that it recognizes? I also attached the pcap traces for visual references. Thanks!
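
The capture comparison described in the post can be tallied per source subnet instead of read by eye. The following is an added example, not code from the original poster: the packet tuples are constructed sample data, the proxy port 8080 and the /24 mask on 192.168.2.0 are assumptions, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

PROXY = ipaddress.ip_address("192.168.1.10")        # ISA server address from the post
SUBNETS = [ipaddress.ip_network("192.168.2.0/24"),  # original network (mask assumed)
           ipaddress.ip_network("192.168.8.0/21")]  # 192.168.8.0 0.0.7.255 as a prefix

# Constructed sample: (src, sport, dst, dport, tcp_flags); port 8080 is an assumption.
SAMPLE = [
    ("192.168.2.25", 50100, "192.168.1.10", 8080, "S"),
    ("192.168.1.10", 8080, "192.168.2.25", 50100, "SA"),
    ("192.168.2.25", 50100, "192.168.1.10", 8080, "A"),
    ("192.168.13.40", 50200, "192.168.1.10", 8080, "S"),
    ("192.168.13.40", 50200, "192.168.1.10", 8080, "S"),  # retransmission
    ("192.168.13.40", 50201, "192.168.1.10", 8080, "S"),
]

def subnet_of(addr):
    ip = ipaddress.ip_address(addr)
    for net in SUBNETS:
        if ip in net:
            return str(net)
    return "other"

def handshake_report(packets):
    """Return {subnet: {"attempts", "answered", "completed"}} for flows toward PROXY."""
    state = {}  # (client, client_port, proxy_port) -> "syn" | "synack" | "done"
    for src, sport, dst, dport, flags in packets:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if d == PROXY and flags == "S":
            state.setdefault((src, sport, dport), "syn")  # retransmits count once
        elif s == PROXY and flags == "SA":
            if state.get((dst, dport, sport)) == "syn":
                state[(dst, dport, sport)] = "synack"
        elif d == PROXY and "A" in flags and "S" not in flags:
            if state.get((src, sport, dport)) == "synack":
                state[(src, sport, dport)] = "done"
    report = defaultdict(lambda: {"attempts": 0, "answered": 0, "completed": 0})
    for (client, _, _), st in state.items():
        row = report[subnet_of(client)]
        row["attempts"] += 1
        row["answered"] += st in ("synack", "done")
        row["completed"] += st == "done"
    return dict(report)

def silent_subnets(report):
    """Subnets whose connection attempts never saw a SYN, ACK at the capture point."""
    return sorted(n for n, r in report.items() if r["attempts"] and not r["answered"])

if __name__ == "__main__":
    print(silent_subnets(handshake_report(SAMPLE)))
```

A subnet listed by `silent_subnets` only shows that no reply reached the capture point; it does not by itself say whether the server dropped the request or the reply was lost on the return path.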