Solved

VLAN Clients Unable to Access internet through ISA SERVER 2004 Enter. edt with SP2

Posted on 2006-11-30
6
1,032 Views
Last Modified: 2007-12-19
Dear All,
I have problem for Internet access to different VLAN users than the ISA server Vlan

Scenario:
I have Single Domain working fine, recently I have installed ISA 2004 Enterprise edt. with sp2 on my network..but i am unable to access internet from other VLAN client machine... for temp i have made all open policy for protocol and users... and i have configured internal network including all my vlan network...segment

ISA SERVER VLAN 192.168.110.0   Internet working fine...
Other VLANS :
192.168.111.0 /112.0 /113.0 /114.0 /115.0 ...
have no access to internet

My Internal Network... address is 192.168.0.0 to 192.168.255.255

You help is highly appreciated..







0
Comment
Question by:Rifaa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 6

Expert Comment

by:camacho_marco
ID: 18055896
What equipmeent are you using to set VLAN's????
What are your gateways in each VLAN????
What is your Internet Gateway????
What is your routing table???
Do you whant to use the ISA like a proxy???


Cheers
0
 

Author Comment

by:Rifaa
ID: 18058494
HI, thanks for you reply..
i have 3com switch as edge & CORE switch, core switch is configured with  five VLAN,
- Each Vlan interface  Is gateway for that VLAN segment  ..EX: 192.168.111.1  and 192.168.112.1 is  as gateway .. with maximum of 254 nodes at one VLAN .

- Internet is connected to ISA server direct via USB Modem, ISA has one single NIC  for local Network and USB for internet

- I have routing table in Core switch to forward all inter Vlan request to Router and in router if the request is not for local network forwarded to outside WAN network. unfortunately  cannot display here the routing table here...anyway  in the same setup ISA was working before

- yes i want ISA as s proxy..

Let me tell you some thing more here...

my external network to ISA is USB connection... and from ISA server one INTERNAL NIC cable goes to Fortinet WAN interface... and from WAN Switch port one UTP is connected to Core Switch to the VLAN 192.168.110.0...
IN this ISA server VLAN internet is working fine... but only to otherVLAN hosts it is not...

In fact in the same scenario ISA 2004 Std EDT was working fine...recently our ISA server failed because of hardware failure....so  i am rebuilding ISA server in New HARDWARE rest all is intact as it is...

I know our scenario is not perfect... any way we use FORTINET only for web filtering not for anything else for this movement... our Internet connection is from ONE ISP AND WAN DATA Link connection from other ISP..

Thanks for your time to read this long sorry .. i appreciate you help
0
 

Author Comment

by:Rifaa
ID: 18058952
HI,
i have these error from client side...

Error Code 11001: Host not found
Background: This error indicates that the gateway could not find the IP address of the website you are trying to access. This is usually due to a DNS-related error.

thanks
0
Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

 
LVL 6

Expert Comment

by:camacho_marco
ID: 18059856
Let's try this, can you eliminate the proxy server and route directly to internet insted of the proxy and see if all the vlans can go out to internet, if yes, we can concentrate on the ISA server.

Cheers
0
 

Author Comment

by:Rifaa
ID: 18062228
Hi,
Thanks for your time and help...
I have solved the problem... i don't know if i  have presented the problem TO YOU  in right way... thanks lot again being with me for this issue..

let me explain what was the solution applied...

Before and after my ISA Insatallation every thing was fine with me in sense of basic connectivity, means i was able to ping my whole network (for the all the VLAN as usual). but as i connect my DSL connects i lot the connectivity ..(i know by default ISA Prevents ping to whole network because  of it's firewal role..) that makes me to think about routing...
as if my routing gateway was changed.....
i went to route print... i found only ISA server VLAN and other DSL route table was visible to me... and added persistent route to all my VLAN and it works fine...
Point to be remember when i add whole  of VLAN segment in one route line it did not work..i have to add individual vlan segment to work.. then it works

In short i have five VLAN in one OF THE Vlan ISA server... 192.168.110.x
My ISA Server IP 192.168.110.5 (Internet was working only in this vlan) my ISA was dual NIC (Interface)
route i added was
route ADD -P 192.168.111.0 MASK 255.255.255.0 192.168.110.5
route ADD -P 192.168.112.0 MASK 255.255.255.0 192.168.110.5

I did the same for all and it works...

thanks again for you all ..and EXPERT-EXCHNAGE Team and thanks to GOD.

cheer.. & regards


0
 
LVL 6

Accepted Solution

by:
camacho_marco earned 500 total points
ID: 18069294
Good work Amigo!!!!

Cheers
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Top cover replacement dell latitude d620 12 101
Understanding Security Log Events 2 69
domain and forest trust 1 33
Print to local printer - Windows 7 RDP 9 45
Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question