Solved

ISA 2004 NAT Issues

Posted on 2006-04-06
Last Modified: 2013-11-16
Greetings Experts

I have an issue with ISA 2004.

I am running 2 identical sites using CISCO 800 Series ADSL routers.

Both sites have fixed IP addresses and both sites are running what we call in South Africa "uncapped ADSL".

The issue is:

Access to international sites from both servers times out; however, if I connect a laptop directly to the routers I do not experience the timeout.

So, the issue would then have to be with the ISA Server.

If I do a traceroute to an international site I am able to get a proper response via a laptop connected directly.

When I do a traceroute from the ISA server I get a destination host unreachable.

When I do the same for a local site (20ms ping vs. 600ms ping) I have no problems.

Please assist

Question by: ryankahan
10 Comments
 
LVL 9

Expert Comment

by:vsg375
ID: 16391775
Hi,

OK, some checking first..

1. Did you properly declare your local subnets in ISA?
2. By default, ISA blocks everything. Did you define the proper FW rule(s) for outgoing traffic?
3. What DNS does your ISA server point to? If internal, is redirection properly configured?


Please post the results here, and I'll be more than happy to assist.

Cheers
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16406207
Open the gui.
Select configuration - networks
Open the internal network - select addresses
What ranges are in here? Are they classful? i.e. whole subnets?

Click on monitoring - logging.
Click on start query.
Try your connection. What do you see in the log?

regards
Keith
ISA MCT
0
 

Author Comment

by:ryankahan
ID: 16417717
Greetings Experts.

My DNS is configured to point to my internal DNS which is connected to a separate Diginet (Leased Line).

My Internal Network was autoconfigured on all private networks and I changed this configuration to match my actual internal network.

My tracert to "international" sites now appears better.

I usually timed out on a ping; now I am getting 800ms to www.google.co.za,
but then again I get the same response from my fixed line link.

My FW is configured for all outgoing traffic from the point from where I am doing the monitoring.

Regards
0

 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16419691
800ms is awful (no offence). To the same site I am getting 50ms from the UK.

Can you clarify then if you still have an issue or is all OK?
0
 

Author Comment

by:ryankahan
ID: 16423916
The access has improved here, the reason for the awful ping is our biggest ISP here has a 64MBit link to the states and they are pushing most of our internet traffic through that line... The problem still persists at the 2nd site, the first site it has improved...
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16423923
OK, You have just caught me leaving for work; I'll hit it again tonight when I get back.
Regards
keith
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16429984
Where does the diginet come into the equation? Do both sites have their own DNS server?
0
 

Author Comment

by:ryankahan
ID: 16488449
Perhaps I should elaborate:

I have 1 x DIGINET line = 384kbps
          1 x Uncapped ADSL = 512kbps

The diginet runs the email and the general browsing for the "floor staff"
The ADSL runs an incoming VPN and priority browsing for directors etc...

0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 2000 total points
ID: 16491332
On the ISA server, set the IE browser proxy settings to none. Now try accessing a site. Same results?

Click on monitoring - logging.
Click on start query.
Try your connection. What do you see in the log?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16608086
Thanks :)
0


Question has a verified solution.
