Can't browse with new IP address for Proxy server

We're switching internet providers, so when the new router was connected, I needed to switch my ISA 2000 server to it, changing only the external address, and voila, everyone would now be surfing on the new T1.  But no luck at all.  To troubleshoot, I plugged my laptop directly into the new router and through DHCP, got my IP info and was able to surf no problem.  So I connected the ISA server's external NIC and set IP config to use DHCP, and saw it assigned the IP, Subnet, gateway, and DNS settings, same as the laptop (except the IP was 1 higher, as expected).  I don't assign any settings in ISA by IP address - I think the only place is for IP filtering anyway ('default external IP address' assignment).  The connection is fine outside of the browser, because I can both Ping and Tracert to destinations without problems, and DNS is resolving.  I initially didn't have the external addresses in the LAT, which I believe I should not have to (LOCAL being the operative word here), but have tried it either way.  Using a browser from that server or any other machine on the network will usually result in a 502 error, or tries to load the page, then just stop (nothing displayed, no error message). I've restarted both the server and any workstation, as well as stopping/restarting the proxy services when I didn't restart the server.
The very second that I enter the old IP address into IP settings (no DHCP with the old router) and plug the old cable in, I can browse with the server and any other machine on the network.  I thought I had a 2 minute job, but I'm absolutely stuck here....Where else do I need to make an IP address change, or am I missing something completely different?
LVL 11
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Some information on the "cant browse"  can we narrow it down, From the ISA server, ping by ip and by domain

1st ping  see if you get an IP back (testing dns)

if not one of googles ip's is
try by ip.

Atleast see if its a name resoultion or a connection.

2nd to be honest ISA may not like the dhcp on its external. Try maybe setting it as a static with all new information to test.

3rd,  verify in your network and dialup connections page that the external nic is still listed first as ISA requires this to work correctly.  If not click advanced on the menu then advanced settings and change the binding order.


Experts Exchange Solution brought to you by ConnectWise

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Im sorry the INTERNAL should be on top in the advanced binding order. Not the EXTERNAL.

A great resource with and without troubles, thought Id pass it along if you hav'nt already found it.

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Also check the alerts on the isa server under monitoring, as well as event log.

Keith AlabasterEnterprise ArchitectCommented:
1. the LAT is the Local address table so should only have addresses that are on the internal isa nic and the inside network. This shouldn't have changed just beacause you have changed provider.

2. The ISA extrnal nic will operate better on a static IP rather than a dynamic one. Not a fast rule but is best practice.

3. What settings are on the external router? What is the router?
Does this have any port forwarding info that may have changed ?

4. ISA is not a router so uses the underlying windows routing tables.
From a cmd prompt, with the old system in place, do an ipconfig /all and a route print.
Put the new system in and do the two commands again.
You can either post the results here or just give me the lowdown of the changes.

5. If it works with the old but not with the new I'd suggest that the issue is likely to be between ISA and the router but lets see. These are somethings to test first of all.


TWBitAuthor Commented:
zoofan - yes, I can ping and tracert from ISA with the new connection.  I'll check the binding order.

I also did try a static IP config with the same results.

keith - the router was configed by the ISP and is a Netopia (I don't have the model number handy but will post if necessary). I don't know any of the router settings.  I'll compare route printout and post.

TWBitAuthor Commented:
Checked the binding order - it was External then Internal, and since it was working fine, I didn't want to mess with it.
Comparisons of ipconfig, ping, tracert, and route are all as expected, nothing appears out of the ordinary.  The fact that I can successfully ping with the new connection leads me to believe it is only an ISA problem.
I decided to changed the IP address back to the old range, but a different available one , just to see if I was still dead.  But ithout any restarts, I could still ping, tracert, browse etc.
So my only other untested option was to change the the binding order as zoofan suggested and presto! I'm surfing!  Trying to recreate the error, I put the binding order back to External then Internal, and set the IP config back to dynamic but I was still able to browse.  So perhaps something in the binding order was messed up and just changing it once fixed it. Who knows.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.