Solved

ISA 2006 help with single adapter mode

Posted on 2008-10-29
23
465 Views
Last Modified: 2010-04-21
Just installed ISA 2006 on a Windows 2003 server. I followed all of the default options for the 'single network adapter' template. I add in the proxy settings in IE on my desktop computer I get the 10060 time out message. Any ideas?

I did create one rule that states Allow, FTP HTTP HTTPS, from Internal & Local Host, to Internal and Local Host. I cant browse the web. Thanks.
0
Comment
Question by:cb_it
  • 12
  • 11
23 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22834856
Add another rule that allows dns from internal to external
0
 

Author Comment

by:cb_it
ID: 22834950
That didnt work. I thought that in single network adapter mode that 'External' didnt exist? I should also say that our internal network is already using ISA 2000. I also have the "old" ISA 2000 firewall client installed on my pc. Should I disable this? All I'm doing is changing the proxy IP address in IE to point to the new ISA 2006 server.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22834989
Yes, external still exists - it is ALL of the ip addresses that are NOT listed in the internal LAT. I assume you have edited the LAT accordingly?

The ISA firewall client should be on the latest version and that is NOT the one that came with ISA2000 lol but not sure why you would be using it with a single nic ISA box. Yes - disable it.



0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:cb_it
ID: 22835034
Now this is popping up basically instantly when I try to browse.
Technical Information (for support personnel)
Error Code: 502 Proxy Error. The ISA Server denied the specified Uniform Resource Locator (URL). (12202)
IP Address: 10.161.156.204
Date: 10/29/2008 8:11:53 PM [GMT]
Server: NYC42-PROXY2.XXXXXX.COM
Source: proxy
 
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22835078
Is this on the 2006 box?
How have you entered the outbound access rule? All users? authenticated users? An AD group?
Is the ISA server a domain member?
0
 

Author Comment

by:cb_it
ID: 22835089
Is there an easy way to export my current settings and paste them here?
Rule 1 Allow DNS from internal to external
Rule 2 Allow FTP HTTP HTTPS, from internal and localhost, to internal and localhost
Rule 3 Default Rule
INternal Network is setup to be 10.161.156.0 - 10.161.156.255
0
 

Author Comment

by:cb_it
ID: 22835105
These 3 rules are set for All Users. Yes, the server is a domain member.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22835107
change rule 2 from internal & localhost to internal, localhost & external.
0
 

Author Comment

by:cb_it
ID: 22835146
I changed rule 2, now back to this error.
Error Code 10060: Connection timeout
Background: The gateway could not receive a timely response from the website you are trying to access. This might indicate that the network is congested, or that the website is experiencing technical difficulties.
 
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22835229
What have you got in the internal LAT?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22835237
Also, what is the nic setup of the ISA box?
0
 

Author Comment

by:cb_it
ID: 22835268
Internal LAT do you mean theINternal network addresses?
It's 10.161.156.0 - 10.161.156.255
IP 10.161.156.204
SM 255.255.255.0
DG 10.161.156.1
DNS1 10.161.156.XXX
DNS2 10.161.156.XXX
Another thing, this ISA server is running on a VMWare server! Hope that doesnt mean anything.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22835323
lol - only that it is not supported by MS if it doesn't work or you are hacked etc. However, it DOES work. I run my home ISA's on Virtual PC and these work great.

That said, are you SURE that the host OS is not blocking anything through its own firewall or anything similar? this has been a known issue regularly
0
 

Author Comment

by:cb_it
ID: 22835425
I'm not sure about VMWare blocking anything. I'm new to that software as well. It was installed/setup by an outside consultant. I'll have to check on that.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22835522
Can't help you there - vmware is not my bag....
0
 

Author Comment

by:cb_it
ID: 22842503
I was able to disable the VMWare ESX firewall - still getting the same error 10060 timeout message. ANy other ideas? Thanks!
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22843707
If you backup the ISA config - remove it - can you get out to the internet successfully from your virtual machine? Lets take ISA out of the equation and make sure that the basics are operating correctly or have you already tried and proved this works?
0
 

Author Comment

by:cb_it
ID: 22843790
When you say remove it, do you mean disable ISA? How? Uninstall it, or should I just remove the proxy settings out of IE? Thanks for the help.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22843829
Uninstall - disabling it simply stops all internet traffic full stop.
0
 

Author Comment

by:cb_it
ID: 22844572
I uninstalled ISA 2006. It's basically the only thing on the server. Rebooted. Proxy settings in IE are blank/empty.
"Internet Explorer cannot display the webpage"
Grrr... so basically I should be able to browse the web from this server but it seems like something else is wrong!
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 22844695
i guessed as much from your previous comments - Once you have gained access to the internet from that virtual unit THEN we can move ahead on the ISA front.

Sorry

keith
0
 

Author Closing Comment

by:cb_it
ID: 31511359
Our firewalls are located locally but maintained by an outside company. Adding the new ISA server to their firewall configuration did the trick, thanks for the help!
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22878516
Thanks :)
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question