Got lost with ISA 2006 Ent IPs

Posted on 2007-10-10
Last Modified: 2012-08-13

I am trying to install MS ISA 2006 Enterprise.

I have a server with 2 NICs.
1st NIC is called "LAN" with:
Subnet mask
Gateway which is the ip of 2nd NIC
this NIC is connected to switch

2nd NIC is called "WAN" with:
Subnet mask
Gateway which is the ADSL modem

that was my case.

I have installed ISA, and I created a rule to connect to the Internet.

But I got two problems:

1. When I go to the IP address ranges for the included network, choose Add Adapter, and pick the LAN, I found many ranges of IPs, even the WAN IP range. Why?
btw, i add my range manually ( -

2. The ADSL modem is connected to the Internet for sure, but I still cannot browse. I got:
Error code: 502 Proxy Error. The host server is unreachable (10065)

btw, I am working from the same server and I put the server name as proxy, and I tried with another PC... but no response

3. I tried to ping the 1st NIC but got no response. When I searched for the computer IP I got it, but with pinging no result... why?

Really, I've got a headache from this.

please help

Question by:Almatrodi
    LVL 51

    Expert Comment

    by:Keith Alabaster
    first of all, only the external nic is allowed to have a default gateway.
    If you need to route to internal subnets, use the route -p add command on the ISA server from a CMD prompt.

    open the gui, select configuration - networks - internal - properties - addresses.
    Remove ALL ip address ranges that are not internal to ISA. Make sure that all subnets that ARE internal to ISA include the network ID and the broadcast address also.

    For example, if the internal network nic is then the internal range would be -

    make sure your external HTTP rule includes from internal & local host to external if you are testing from the ISA itself.

    How have you set the DNS? Only the internal nic should have a dns entry and this should point to your internal DNS servers. The ISA external nic should not have a DNS entry. Also make sure you have turned off netBT on the external nic also.

    You cannot ping the nic unless you have allowed icmp from internal to local host. You can check this by going to the gui, monitoring - logging - start query and then trying a ping from an internal client.
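
Added example (not part of the thread and not the expert's own code): a Windows PowerShell check of the NIC rules from the comment above, namely default gateway only on the external NIC, DNS only on the internal NIC, NetBT off on the external NIC, and an internal range that includes the network ID and broadcast address. The connection names LAN and WAN are taken from the question; the helper name Get-SubnetRange is hypothetical.

```powershell
# Added example, not from the thread. Assumption: connections are named
# "LAN" (internal) and "WAN" (external), as in the question.
$InternalName = 'LAN'
$ExternalName = 'WAN'

function Get-SubnetRange([string]$Address, [string]$Mask) {
    # Hypothetical helper: network ID and broadcast address of the subnet.
    $ip = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    $m  = [System.Net.IPAddress]::Parse($Mask).GetAddressBytes()
    $first = @(); $last = @()
    for ($i = 0; $i -lt 4; $i++) {
        $first += $ip[$i] -band $m[$i]              # network ID octet
        $last  += $ip[$i] -bor (255 -bxor $m[$i])   # broadcast octet
    }
    "{0} - {1}" -f ($first -join '.'), ($last -join '.')
}

# Map adapter index to the connection name shown in Network Connections.
$names = @{}
Get-WmiObject Win32_NetworkAdapter | Where-Object { $_.NetConnectionID } |
    ForEach-Object { $names[[int]$_.Index] = $_.NetConnectionID }

$nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE"
foreach ($nic in $nics) {
    $name       = $names[[int]$nic.Index]
    $hasGateway = [bool]$nic.DefaultIPGateway
    $hasDns     = [bool]$nic.DNSServerSearchOrder
    if ($name -eq $InternalName) {
        if ($hasGateway) { Write-Warning ("{0}: default gateway set; remove it and use 'route -p add' for internal subnets" -f $name) }
        if (-not $hasDns) { Write-Warning ("{0}: no DNS entry; point it at the internal DNS servers" -f $name) }
        for ($i = 0; $i -lt $nic.IPAddress.Length; $i++) {
            $addr = $nic.IPAddress[$i]
            $mask = $nic.IPSubnet[$i]
            if ($addr -notmatch ':') {   # skip IPv6 entries
                $range = Get-SubnetRange $addr $mask
                "{0}: internal address range should be {1}" -f $name, $range
            }
        }
    }
    elseif ($name -eq $ExternalName) {
        if (-not $hasGateway) { Write-Warning ("{0}: no default gateway; only this NIC should have one" -f $name) }
        if ($hasDns) { Write-Warning ("{0}: DNS entry present; the external NIC should not have one" -f $name) }
        # TcpipNetbiosOptions: 0 = from DHCP, 1 = enabled, 2 = disabled
        if ($nic.TcpipNetbiosOptions -ne 2) { Write-Warning ("{0}: NetBT is not disabled" -f $name) }
    }
}
```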

    LVL 1

    Author Comment


    Dear keith

    I just found your answer in Q_22688467 and I followed it. So, I removed the default gateway from the internal NIC. Internet is working from the ISA Server. When I did that I returned to ISA management and chose Add Adapter. It was just my internal IPs - perfect!

    I went to other machines and I did not put DNS. I put the default gateway to the ISA server, and I entered the ISA server as my proxy. It worked.

    My questions are:
    - Do I need to put DNS?
    - I did not understand how to ping it, because I got an error even with the firewall client, which can't see the ISA server.

    Thanks and waiting for your comments.

    LVL 1

    Author Comment


    Just to tell you, I am browsing the Internet from my PC. I tried to visit and this is what I got:

    Error Code: 502 Proxy Error. No such service is known. The service cannot be found in the specified name space. (10108)
    IP Address:
    Date: 10/11/2007 2:34:00 AM [GMT]
    Server: MainSrv
    Source: proxy

    LVL 51

    Accepted Solution

    OK, all internal 'work stations' have to have their dns set to point to the internal dns servers. It is just the isa external nic that does not need it.

    The internal dns servers should have their forwarders tab (in the dns service itself) to point to the ISP dns servers.

    In isa, there needs to be a firewall rule to allow dns from internal to external. The way it works is that ISA will query the internal dns servers and these will resolve requests on ISA's behalf.
    You can check what is happening by opening the gui, select monitoring - logging - click start query.
    LVL 1

    Author Comment


    Thanks for your help.

    I am sure I still have more questions, so they will be in other posts.

    I did not install DNS before, so I will install it and configure it well.


