[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Can't browse with new IP address for Proxy server

Posted on 2007-07-28
7
Medium Priority
?
403 Views
Last Modified: 2008-11-17
We're switching internet providers, so when the new router was connected, I needed to switch my ISA 2000 server to it, changing only the external address, and voila, everyone would now be surfing on the new T1.  But no luck at all.  To troubleshoot, I plugged my laptop directly into the new router and through DHCP, got my IP info and was able to surf no problem.  So I connected the ISA server's external NIC and set IP config to use DHCP, and saw it assigned the IP, Subnet, gateway, and DNS settings, same as the laptop (except the IP was 1 higher, as expected).  I don't assign any settings in ISA by IP address - I think the only place is for IP filtering anyway ('default external IP address' assignment).  The connection is fine outside of the browser, because I can both Ping and Tracert to destinations without problems, and DNS is resolving.  I initially didn't have the external addresses in the LAT, which I believe I should not have to (LOCAL being the operative word here), but have tried it either way.  Using a browser from that server or any other machine on the network will usually result in a 502 error, or tries to load the page, then just stop (nothing displayed, no error message). I've restarted both the server and any workstation, as well as stopping/restarting the proxy services when I didn't restart the server.
The very second that I enter the old IP address into IP settings (no DHCP with the old router) and plug the old cable in, I can browse with the server and any other machine on the network.  I thought I had a 2 minute job, but I'm absolutely stuck here....Where else do I need to make an IP address change, or am I missing something completely different?
0
Comment
Question by:TWBit
  • 4
  • 2
7 Comments
 
LVL 12

Accepted Solution

by:
zoofan earned 1000 total points
ID: 19587345
Some information on the "cant browse"  can we narrow it down, From the ISA server, ping by ip and by domain

1st ping www.google.com  see if you get an IP back (testing dns)

if not one of googles ip's is 64.233.167.99
try by ip.

Atleast see if its a name resoultion or a connection.

2nd to be honest ISA may not like the dhcp on its external. Try maybe setting it as a static with all new information to test.

3rd,  verify in your network and dialup connections page that the external nic is still listed first as ISA requires this to work correctly.  If not click advanced on the menu then advanced settings and change the binding order.

zf
0
 
LVL 12

Expert Comment

by:zoofan
ID: 19587353
Im sorry the INTERNAL should be on top in the advanced binding order. Not the EXTERNAL.

zf
0
 
LVL 12

Expert Comment

by:zoofan
ID: 19587358
A great resource with and without troubles, thought Id pass it along if you hav'nt already found it.

http://www.isaserver.org/tutorials/

zf
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 12

Expert Comment

by:zoofan
ID: 19587361
Also check the alerts on the isa server under monitoring, as well as event log.

zf
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 19587771
1. the LAT is the Local address table so should only have addresses that are on the internal isa nic and the inside network. This shouldn't have changed just beacause you have changed provider.

2. The ISA extrnal nic will operate better on a static IP rather than a dynamic one. Not a fast rule but is best practice.

3. What settings are on the external router? What is the router?
Does this have any port forwarding info that may have changed ?

4. ISA is not a router so uses the underlying windows routing tables.
From a cmd prompt, with the old system in place, do an ipconfig /all and a route print.
Put the new system in and do the two commands again.
You can either post the results here or just give me the lowdown of the changes.

5. If it works with the old but not with the new I'd suggest that the issue is likely to be between ISA and the router but lets see. These are somethings to test first of all.

Keith


0
 
LVL 11

Author Comment

by:TWBit
ID: 19587870
zoofan - yes, I can ping and tracert from ISA with the new connection.  I'll check the binding order.

I also did try a static IP config with the same results.

keith - the router was configed by the ISP and is a Netopia (I don't have the model number handy but will post if necessary). I don't know any of the router settings.  I'll compare route printout and post.

Thanks!
0
 
LVL 11

Author Comment

by:TWBit
ID: 19596682
Checked the binding order - it was External then Internal, and since it was working fine, I didn't want to mess with it.
Comparisons of ipconfig, ping, tracert, and route are all as expected, nothing appears out of the ordinary.  The fact that I can successfully ping with the new connection leads me to believe it is only an ISA problem.
I decided to changed the IP address back to the old range, but a different available one , just to see if I was still dead.  But ithout any restarts, I could still ping, tracert, browse etc.
So my only other untested option was to change the the binding order as zoofan suggested and presto! I'm surfing!  Trying to recreate the error, I put the binding order back to External then Internal, and set the IP config back to dynamic but I was still able to browse.  So perhaps something in the binding order was messed up and just changing it once fixed it. Who knows.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question