We help IT Professionals succeed at work.

Got lost with ISA 2006 Ent IPs

1,329 Views
Last Modified: 2012-08-13
Hi

i am trying to install MS ISA 2006 Enterprise

i have a server with 2 NIC
1st NIC is called "LAN" with:
IP 10.20.30.1
Subnet mask 255.255.255.0
Gateway 35.35.35.1 which is the ip of 2nd NIC
this NIC is connected to switch

2nd NIC is called "WAN" with:
IP 35.35.35.1
Subnet mask 255.255.255.0
Gateway 35.35.35.2 which is the ADSL modem

that was my case.

i have installed ISA, and i created a rule to connect to the Internet.

but i got two problems:

1. When i go to the IP address ranges for included network, and choose Add Adapter, and pick the LAN i found many ranges of ips, even the WAN ip range. Why?.
btw, i add my range manually (10.20.30.0 - 10.20.30.255).

2. ADSL modem is connected to Internet for sure. but i sill cannot browse. i got:
Error code: 502 Proxy Error. The host server is unreachable (10065)

btw, i am working from the same server and i put the server name as proxy, and i tried with other pc... but no response

3. i tried to ping 1st NIC but no response. when i searched for computer ip i got it. but, with pinging no result... why?

really, i've got a headache from this..

please help




Comment
Watch Question

Keith AlabasterEnterprise Architect
CERTIFIED EXPERT
Top Expert 2008

Commented:
first of all, only the external nic is allowed to have a default gateway.
If you need to route to internal subnets, use the route -p add command on the ISA server from a CMD prompt.

open the gui, select configuration - networks - internal - properties - addresses.
Remove ALL ip address ranges that are not internal to ISA. Make sure that all subnets that ARE internal to ISA include the network ID and the broadcast address also.

For example, if the internal network nic is 10.20.30.5 then the internal range would be 10.20.30.0 - 10.20.30.255.

make sure your external HTTP rule includes from internal & local host to external if you are testing from the ISA itself.

How have you set the DNS? Only the internal nic should have a dns entry and this shouyld p;oint to your internal DNS servers. The ISA external nic should not have a DNS entry. Also make sure you have turned off netBT on the external nic also.

You cannot puing the nic unless you have allowed icmp from internal to local host. You can check this by going to the gui, monitoring - logging - start query and then trying a ping from an internal client.





Abdurahman AlmatrodiBusiness Development

Author

Commented:

Dear keith

I just found your answer in Q_22688467 and i followed. so, i remove the default gaeway from internal NIC. Internet is working from ISA Server. when i did that i return back to ISA management and choose Add Adapter. it was just my internal IPs 10.20.30.0 - 10.20.30.255. perfect!.

I went to other machines and i did not put DNS. i put default gateway to ISA server. and i enter the ISA server as my proxy. it is worked.

my questions are:
- Do i need to put DNS?
- I did not undertand how to ping it, Becuase i got error even with firewall client which can't see the ISA server.

Thanks and waiting for your comments.

Abdurahman AlmatrodiBusiness Development

Author

Commented:

Just to tell you.  i am browsing Internet from my pc. i try to visit google.com and this is what i got:

Error Code: 502 Proxy Error. No such service is known. The service cannot be found in the specified name space. (10108)
IP Address: 10.20.30.1
Date: 10/11/2007 2:34:00 AM [GMT]
Server: MainSrv
Source: proxy

Enterprise Architect
CERTIFIED EXPERT
Top Expert 2008
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Abdurahman AlmatrodiBusiness Development

Author

Commented:

Thanks for you help.

i am sure, i still have mroe questions. so, it will be in other posts.

i did not install DNS before, so, i will install it and configure it well.

:)



Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.