SYMPTOMS
The ISA server show “Denied Connection” in the “logging console” but you have create the rule that allow the connection and you have more “Denied Connection” message.
If you ping the IP Address, you receive a “Destination host unreachable”
CAUSE
Where you have more than 2 networks cards on your ISA server and the main router is on the external interface, the ISA server cannot route in internal because you have only a default route to external.
Sample :
ROUTE 0.0.0.0 MASK 0.0.0.0 GW 192.168.0.1
RESOLUTION
Create a local route to send the traffic to internal gateway with the command “route”.
If you want to route the subnet 172.16.0.0 with a mask of 255.255.255.0 to the gateway 10.88.2.1, use “–p” to force the route as persistent.
Sample :
route -p ADD 172.16.0 MASK 255.255.255.0 10.88.9.1