VLAN Clients Unable to Access internet through ISA SERVER 2004 Enter. edt with SP2

Dear All,
I have problem for Internet access to different VLAN users than the ISA server Vlan

I have Single Domain working fine, recently I have installed ISA 2004 Enterprise edt. with sp2 on my network..but i am unable to access internet from other VLAN client machine... for temp i have made all open policy for protocol and users... and i have configured internal network including all my vlan network...segment

ISA SERVER VLAN   Internet working fine...
Other VLANS : /112.0 /113.0 /114.0 /115.0 ...
have no access to internet

My Internal Network... address is to

You help is highly appreciated..

Who is Participating?
camacho_marcoConnect With a Mentor Commented:
Good work Amigo!!!!

What equipmeent are you using to set VLAN's????
What are your gateways in each VLAN????
What is your Internet Gateway????
What is your routing table???
Do you whant to use the ISA like a proxy???

RifaaAuthor Commented:
HI, thanks for you reply..
i have 3com switch as edge & CORE switch, core switch is configured with  five VLAN,
- Each Vlan interface  Is gateway for that VLAN segment  ..EX:  and is  as gateway .. with maximum of 254 nodes at one VLAN .

- Internet is connected to ISA server direct via USB Modem, ISA has one single NIC  for local Network and USB for internet

- I have routing table in Core switch to forward all inter Vlan request to Router and in router if the request is not for local network forwarded to outside WAN network. unfortunately  cannot display here the routing table here...anyway  in the same setup ISA was working before

- yes i want ISA as s proxy..

Let me tell you some thing more here...

my external network to ISA is USB connection... and from ISA server one INTERNAL NIC cable goes to Fortinet WAN interface... and from WAN Switch port one UTP is connected to Core Switch to the VLAN
IN this ISA server VLAN internet is working fine... but only to otherVLAN hosts it is not...

In fact in the same scenario ISA 2004 Std EDT was working fine...recently our ISA server failed because of hardware failure....so  i am rebuilding ISA server in New HARDWARE rest all is intact as it is...

I know our scenario is not perfect... any way we use FORTINET only for web filtering not for anything else for this movement... our Internet connection is from ONE ISP AND WAN DATA Link connection from other ISP..

Thanks for your time to read this long sorry .. i appreciate you help
Train for your Pen Testing Engineer Certification

Enroll today in this bundle of courses to gain experience in the logistics of pen testing, Linux fundamentals, vulnerability assessments, detecting live systems, and more! This series, valued at $3,000, is free for Premium members, Team Accounts, and Qualified Experts.

RifaaAuthor Commented:
i have these error from client side...

Error Code 11001: Host not found
Background: This error indicates that the gateway could not find the IP address of the website you are trying to access. This is usually due to a DNS-related error.

Let's try this, can you eliminate the proxy server and route directly to internet insted of the proxy and see if all the vlans can go out to internet, if yes, we can concentrate on the ISA server.

RifaaAuthor Commented:
Thanks for your time and help...
I have solved the problem... i don't know if i  have presented the problem TO YOU  in right way... thanks lot again being with me for this issue..

let me explain what was the solution applied...

Before and after my ISA Insatallation every thing was fine with me in sense of basic connectivity, means i was able to ping my whole network (for the all the VLAN as usual). but as i connect my DSL connects i lot the connectivity ..(i know by default ISA Prevents ping to whole network because  of it's firewal role..) that makes me to think about routing...
as if my routing gateway was changed.....
i went to route print... i found only ISA server VLAN and other DSL route table was visible to me... and added persistent route to all my VLAN and it works fine...
Point to be remember when i add whole  of VLAN segment in one route line it did not work..i have to add individual vlan segment to work.. then it works

In short i have five VLAN in one OF THE Vlan ISA server... 192.168.110.x
My ISA Server IP (Internet was working only in this vlan) my ISA was dual NIC (Interface)
route i added was
route ADD -P MASK
route ADD -P MASK

I did the same for all and it works...

thanks again for you all ..and EXPERT-EXCHNAGE Team and thanks to GOD.

cheer.. & regards

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.