Solved

VLAN Clients Unable to Access internet through ISA SERVER 2004 Enter. edt with SP2

Posted on 2006-11-30
6
1,031 Views
Last Modified: 2007-12-19
Dear All,
I have problem for Internet access to different VLAN users than the ISA server Vlan

Scenario:
I have Single Domain working fine, recently I have installed ISA 2004 Enterprise edt. with sp2 on my network..but i am unable to access internet from other VLAN client machine... for temp i have made all open policy for protocol and users... and i have configured internal network including all my vlan network...segment

ISA SERVER VLAN 192.168.110.0   Internet working fine...
Other VLANS :
192.168.111.0 /112.0 /113.0 /114.0 /115.0 ...
have no access to internet

My Internal Network... address is 192.168.0.0 to 192.168.255.255

You help is highly appreciated..







0
Comment
Question by:Rifaa
  • 3
  • 3
6 Comments
 
LVL 6

Expert Comment

by:camacho_marco
ID: 18055896
What equipmeent are you using to set VLAN's????
What are your gateways in each VLAN????
What is your Internet Gateway????
What is your routing table???
Do you whant to use the ISA like a proxy???


Cheers
0
 

Author Comment

by:Rifaa
ID: 18058494
HI, thanks for you reply..
i have 3com switch as edge & CORE switch, core switch is configured with  five VLAN,
- Each Vlan interface  Is gateway for that VLAN segment  ..EX: 192.168.111.1  and 192.168.112.1 is  as gateway .. with maximum of 254 nodes at one VLAN .

- Internet is connected to ISA server direct via USB Modem, ISA has one single NIC  for local Network and USB for internet

- I have routing table in Core switch to forward all inter Vlan request to Router and in router if the request is not for local network forwarded to outside WAN network. unfortunately  cannot display here the routing table here...anyway  in the same setup ISA was working before

- yes i want ISA as s proxy..

Let me tell you some thing more here...

my external network to ISA is USB connection... and from ISA server one INTERNAL NIC cable goes to Fortinet WAN interface... and from WAN Switch port one UTP is connected to Core Switch to the VLAN 192.168.110.0...
IN this ISA server VLAN internet is working fine... but only to otherVLAN hosts it is not...

In fact in the same scenario ISA 2004 Std EDT was working fine...recently our ISA server failed because of hardware failure....so  i am rebuilding ISA server in New HARDWARE rest all is intact as it is...

I know our scenario is not perfect... any way we use FORTINET only for web filtering not for anything else for this movement... our Internet connection is from ONE ISP AND WAN DATA Link connection from other ISP..

Thanks for your time to read this long sorry .. i appreciate you help
0
 

Author Comment

by:Rifaa
ID: 18058952
HI,
i have these error from client side...

Error Code 11001: Host not found
Background: This error indicates that the gateway could not find the IP address of the website you are trying to access. This is usually due to a DNS-related error.

thanks
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 6

Expert Comment

by:camacho_marco
ID: 18059856
Let's try this, can you eliminate the proxy server and route directly to internet insted of the proxy and see if all the vlans can go out to internet, if yes, we can concentrate on the ISA server.

Cheers
0
 

Author Comment

by:Rifaa
ID: 18062228
Hi,
Thanks for your time and help...
I have solved the problem... i don't know if i  have presented the problem TO YOU  in right way... thanks lot again being with me for this issue..

let me explain what was the solution applied...

Before and after my ISA Insatallation every thing was fine with me in sense of basic connectivity, means i was able to ping my whole network (for the all the VLAN as usual). but as i connect my DSL connects i lot the connectivity ..(i know by default ISA Prevents ping to whole network because  of it's firewal role..) that makes me to think about routing...
as if my routing gateway was changed.....
i went to route print... i found only ISA server VLAN and other DSL route table was visible to me... and added persistent route to all my VLAN and it works fine...
Point to be remember when i add whole  of VLAN segment in one route line it did not work..i have to add individual vlan segment to work.. then it works

In short i have five VLAN in one OF THE Vlan ISA server... 192.168.110.x
My ISA Server IP 192.168.110.5 (Internet was working only in this vlan) my ISA was dual NIC (Interface)
route i added was
route ADD -P 192.168.111.0 MASK 255.255.255.0 192.168.110.5
route ADD -P 192.168.112.0 MASK 255.255.255.0 192.168.110.5

I did the same for all and it works...

thanks again for you all ..and EXPERT-EXCHNAGE Team and thanks to GOD.

cheer.. & regards


0
 
LVL 6

Accepted Solution

by:
camacho_marco earned 500 total points
ID: 18069294
Good work Amigo!!!!

Cheers
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Downtime reduced, data recovered by utilizing an Experts Exchange Business Account Challenge The United States Marine Corps employs more than 200,000 active-duty Marines with operations in four continents, all requiring complex networking system…
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question