?
Solved

Got lost with ISA 2006 Ent IPs

Posted on 2007-10-10
5
Medium Priority
?
1,308 Views
Last Modified: 2012-08-13
Hi

i am trying to install MS ISA 2006 Enterprise

i have a server with 2 NIC
1st NIC is called "LAN" with:
IP 10.20.30.1
Subnet mask 255.255.255.0
Gateway 35.35.35.1 which is the ip of 2nd NIC
this NIC is connected to switch

2nd NIC is called "WAN" with:
IP 35.35.35.1
Subnet mask 255.255.255.0
Gateway 35.35.35.2 which is the ADSL modem

that was my case.

i have installed ISA, and i created a rule to connect to the Internet.

but i got two problems:

1. When i go to the IP address ranges for included network, and choose Add Adapter, and pick the LAN i found many ranges of ips, even the WAN ip range. Why?.
btw, i add my range manually (10.20.30.0 - 10.20.30.255).

2. ADSL modem is connected to Internet for sure. but i sill cannot browse. i got:
Error code: 502 Proxy Error. The host server is unreachable (10065)

btw, i am working from the same server and i put the server name as proxy, and i tried with other pc... but no response

3. i tried to ping 1st NIC but no response. when i searched for computer ip i got it. but, with pinging no result... why?

really, i've got a headache from this..

please help




0
Comment
Question by:Abdurahman Almatrodi
  • 3
  • 2
5 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20051148
first of all, only the external nic is allowed to have a default gateway.
If you need to route to internal subnets, use the route -p add command on the ISA server from a CMD prompt.

open the gui, select configuration - networks - internal - properties - addresses.
Remove ALL ip address ranges that are not internal to ISA. Make sure that all subnets that ARE internal to ISA include the network ID and the broadcast address also.

For example, if the internal network nic is 10.20.30.5 then the internal range would be 10.20.30.0 - 10.20.30.255.

make sure your external HTTP rule includes from internal & local host to external if you are testing from the ISA itself.

How have you set the DNS? Only the internal nic should have a dns entry and this shouyld p;oint to your internal DNS servers. The ISA external nic should not have a DNS entry. Also make sure you have turned off netBT on the external nic also.

You cannot puing the nic unless you have allowed icmp from internal to local host. You can check this by going to the gui, monitoring - logging - start query and then trying a ping from an internal client.





0
 
LVL 1

Author Comment

by:Abdurahman Almatrodi
ID: 20053779

Dear keith

I just found your answer in Q_22688467 and i followed. so, i remove the default gaeway from internal NIC. Internet is working from ISA Server. when i did that i return back to ISA management and choose Add Adapter. it was just my internal IPs 10.20.30.0 - 10.20.30.255. perfect!.

I went to other machines and i did not put DNS. i put default gateway to ISA server. and i enter the ISA server as my proxy. it is worked.

my questions are:
- Do i need to put DNS?
- I did not undertand how to ping it, Becuase i got error even with firewall client which can't see the ISA server.

Thanks and waiting for your comments.

0
 
LVL 1

Author Comment

by:Abdurahman Almatrodi
ID: 20053809

Just to tell you.  i am browsing Internet from my pc. i try to visit google.com and this is what i got:

Error Code: 502 Proxy Error. No such service is known. The service cannot be found in the specified name space. (10108)
IP Address: 10.20.30.1
Date: 10/11/2007 2:34:00 AM [GMT]
Server: MainSrv
Source: proxy

0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 2000 total points
ID: 20054669
OK, all internal 'work stations' have to have their dns set to point to the internal dns servers. It is just the isa external nic that does not need it.

The internal dns servers should have their forwarders tab (in the dns service itself) to point to the ISP dns servers.

In isa, there needs to be a firewall rule to allow dns from internal to external. The way it works is that ISA will query the internal dns servers and these will resolve requests on ISA's behalf.
You can check what is happening by opening the gui, select monitoring - logging - click start query.
0
 
LVL 1

Author Comment

by:Abdurahman Almatrodi
ID: 20069921

Thanks for you help.

i am sure, i still have mroe questions. so, it will be in other posts.

i did not install DNS before, so, i will install it and configure it well.

:)



0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question