One of my customers has an ISA570 with firmware version 1.2.17. He has the IP network 192.168.1.0/24 in the inside LAN. He has created a new IP network 192.168.70.0/24 in the same LAN, without changing the configuration of the ISA500. This network does not need to go through the ISA500, but only serves to let some devices communicate with each other.
The ISA500 seems to act as a proxy ARP, because the devices have the MAC address of the ISA in the ARP table for the network 192.168.70.0/24.
I know that the correct solution is to create a separate VLAN, but I need an alternative solution as I can make changes only in a few days.
Bad idea, because the default rules in the zone-based firewall are restricted to IP addresses.
The best thing you can do, and the best for your customer, is:
Create small collision domains and separate the network with VLANs, to reduce packet loss or packet collisions. The other thing is, think smart: the firewall on this device is usable and scales very well, so you can build your own network restrictions on every network or you can establish QoS.
No matter what you do, if both subnets are in the same VLAN then all MACs will show up in the ISA ARP table since its switching fabric is also in the same default VLAN. Do you not have VLAN-capable switches in your infrastructure? If you don't want those devices to have the ability to go through the ISA, then don't trunk the VLAN up to the ISA. That said, if you need both networks to see each other, then your internal switches must support inter-VLAN routing or you will need to trunk the VLAN to the ISA so it can route the traffic. If you're on a tight window, I'd be happy to assist as what you're needing isn't really that complex.
Sent from Cisco Technical Support iPhone App
Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
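A way to confirm the symptom described in the thread (hosts in 192.168.70.0/24 resolving to the ISA's MAC), as an added example that is not part of any poster's reply: it parses Linux `ip neigh show` output taken on one of the affected devices and lists the addresses in that subnet that map to the gateway's MAC. The sample output, the MAC addresses and the function names are constructed for illustration; the gateway MAC is assumed to be known from the ISA's status page or from a host in 192.168.1.0/24.

```python
import ipaddress
import re

# Constructed sample of `ip neigh show` output from a host in 192.168.70.0/24.
# MAC addresses are made up (documentation range 00:00:5e:00:53:xx).
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE
192.168.70.10 dev eth0 lladdr 00:00:5E:00:53:01 STALE
192.168.70.11 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE
192.168.70.12 dev eth0 lladdr 00:00:5e:00:53:2c REACHABLE
192.168.70.13 dev eth0  FAILED
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+\S+\s+lladdr\s+(?P<mac>[0-9a-fA-F:]{17})\b"
)


def parse_neigh(text):
    """Return {ip_address: mac} for entries with a resolved link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if not m:
            continue  # FAILED / INCOMPLETE entries carry no lladdr
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # not an IP address, skip the line
        table[ip] = m.group("mac").lower()
    return table


def proxied_hosts(text, gateway_mac, subnet):
    """List IPs inside `subnet` whose neighbor entry points at the gateway's MAC.

    On a flat LAN, peers in the same subnet should each resolve to their own
    MAC; entries that resolve to the gateway's MAC indicate it is answering
    ARP on their behalf (the proxy ARP symptom from the thread).
    """
    net = ipaddress.ip_network(subnet)
    gw = gateway_mac.lower()
    hits = sorted(ip for ip, mac in parse_neigh(text).items()
                  if ip in net and mac == gw)
    return [str(ip) for ip in hits]


if __name__ == "__main__":
    for ip in proxied_hosts(SAMPLE_NEIGH, "00:00:5e:00:53:01", "192.168.70.0/24"):
        print(f"{ip} resolves to the gateway MAC")
```

An empty result after the second network has been moved to its own VLAN means the devices are resolving each other directly again.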