Solved

ISA 2006 help with single adapter mode

Posted on 2008-10-29
23
445 Views
Last Modified: 2010-04-21
Just installed ISA 2006 on a Windows 2003 server. I followed all of the default options for the 'single network adapter' template. I add in the proxy settings in IE on my desktop computer I get the 10060 time out message. Any ideas?

I did create one rule that states Allow, FTP HTTP HTTPS, from Internal & Local Host, to Internal and Local Host. I cant browse the web. Thanks.
0
Comment
Question by:cb_it
  • 12
  • 11
23 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
Add another rule that allows dns from internal to external
0
 

Author Comment

by:cb_it
Comment Utility
That didnt work. I thought that in single network adapter mode that 'External' didnt exist? I should also say that our internal network is already using ISA 2000. I also have the "old" ISA 2000 firewall client installed on my pc. Should I disable this? All I'm doing is changing the proxy IP address in IE to point to the new ISA 2006 server.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
Yes, external still exists - it is ALL of the ip addresses that are NOT listed in the internal LAT. I assume you have edited the LAT accordingly?

The ISA firewall client should be on the latest version and that is NOT the one that came with ISA2000 lol but not sure why you would be using it with a single nic ISA box. Yes - disable it.



0
 

Author Comment

by:cb_it
Comment Utility
Now this is popping up basically instantly when I try to browse.
Technical Information (for support personnel)
Error Code: 502 Proxy Error. The ISA Server denied the specified Uniform Resource Locator (URL). (12202)
IP Address: 10.161.156.204
Date: 10/29/2008 8:11:53 PM [GMT]
Server: NYC42-PROXY2.XXXXXX.COM
Source: proxy
 
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
Is this on the 2006 box?
How have you entered the outbound access rule? All users? authenticated users? An AD group?
Is the ISA server a domain member?
0
 

Author Comment

by:cb_it
Comment Utility
Is there an easy way to export my current settings and paste them here?
Rule 1 Allow DNS from internal to external
Rule 2 Allow FTP HTTP HTTPS, from internal and localhost, to internal and localhost
Rule 3 Default Rule
INternal Network is setup to be 10.161.156.0 - 10.161.156.255
0
 

Author Comment

by:cb_it
Comment Utility
These 3 rules are set for All Users. Yes, the server is a domain member.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
change rule 2 from internal & localhost to internal, localhost & external.
0
 

Author Comment

by:cb_it
Comment Utility
I changed rule 2, now back to this error.
Error Code 10060: Connection timeout
Background: The gateway could not receive a timely response from the website you are trying to access. This might indicate that the network is congested, or that the website is experiencing technical difficulties.
 
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
What have you got in the internal LAT?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
Also, what is the nic setup of the ISA box?
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 

Author Comment

by:cb_it
Comment Utility
Internal LAT do you mean theINternal network addresses?
It's 10.161.156.0 - 10.161.156.255
IP 10.161.156.204
SM 255.255.255.0
DG 10.161.156.1
DNS1 10.161.156.XXX
DNS2 10.161.156.XXX
Another thing, this ISA server is running on a VMWare server! Hope that doesnt mean anything.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
lol - only that it is not supported by MS if it doesn't work or you are hacked etc. However, it DOES work. I run my home ISA's on Virtual PC and these work great.

That said, are you SURE that the host OS is not blocking anything through its own firewall or anything similar? this has been a known issue regularly
0
 

Author Comment

by:cb_it
Comment Utility
I'm not sure about VMWare blocking anything. I'm new to that software as well. It was installed/setup by an outside consultant. I'll have to check on that.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
Can't help you there - vmware is not my bag....
0
 

Author Comment

by:cb_it
Comment Utility
I was able to disable the VMWare ESX firewall - still getting the same error 10060 timeout message. ANy other ideas? Thanks!
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
If you backup the ISA config - remove it - can you get out to the internet successfully from your virtual machine? Lets take ISA out of the equation and make sure that the basics are operating correctly or have you already tried and proved this works?
0
 

Author Comment

by:cb_it
Comment Utility
When you say remove it, do you mean disable ISA? How? Uninstall it, or should I just remove the proxy settings out of IE? Thanks for the help.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
Uninstall - disabling it simply stops all internet traffic full stop.
0
 

Author Comment

by:cb_it
Comment Utility
I uninstalled ISA 2006. It's basically the only thing on the server. Rebooted. Proxy settings in IE are blank/empty.
"Internet Explorer cannot display the webpage"
Grrr... so basically I should be able to browse the web from this server but it seems like something else is wrong!
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
Comment Utility
i guessed as much from your previous comments - Once you have gained access to the internet from that virtual unit THEN we can move ahead on the ISA front.

Sorry

keith
0
 

Author Closing Comment

by:cb_it
Comment Utility
Our firewalls are located locally but maintained by an outside company. Adding the new ISA server to their firewall configuration did the trick, thanks for the help!
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
Thanks :)
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now