Troubleshooting / Configuring ISA server DNS lookup

I have a ISA 2006 server I need to troubleshoot. Clients on the inside cannot do DNS lookup nor can they reach external websites.

Policies are
- No enterprise policies is applied before array firewall policy
- One deny all policy is applied after array firewall policy
- A long list of policies is aplied as 'Firewall policy rules'

Which plocies needs to be in place to allow a client to perform a DNS lookup on an external DNS?

I've tried to monitor all traffic to the specific DNS. When doing a DNS lookup from the ISA itself I get a fine log entry.

When doing the lookup from a client I get no log entries. Any ideas?

Regards,
Kaare
tecitAsked:
Who is Participating?
 
Keith AlabasterConnect With a Mentor Enterprise ArchitectCommented:
Ah - lol - more information :)
What are the results from the BPA?

If you are not running nlb on the internal interfaces also, how are you setting the default gateways of the clients? All of my installs (where I have used NLB) have had nlb running for both internal and external nics. What are the default gateways of the internal dns servers?
0
 
Keith AlabasterEnterprise ArchitectCommented:
Sounds like a naff installation. please provide an ipconfig /all from the ISA server.
0
 
tecitAuthor Commented:
The ISA cluster worked just fine undtil last friday where it suddently started loosing 75% og ping packets to the internet.

It's 3 servers running in as an ISA cluster with NLB on the outside interfaces. I've shutdown 2 of the servers and disabled NLB on the third and now the clients can access the internet and make nslookup without problems.

Any ideas on where to look for the NLB error? Cables and switch for the outside interfaces has been tested both physically and logically.

Hope the one server can handle the load during production time tomorrow....

Thanks,
Kaare
0
 
tecitAuthor Commented:
It turned out that our ISP made a change in their router to protect it from the unknown unicasts submittet by the ISA's NLB. We got the cluster up running again by inserting our own router in between the ISA's and the ISP's router.

Thanks for all Your quick responses.
/Kaare
0
 
Keith AlabasterEnterprise ArchitectCommented:
Welcome & Thanks :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.