Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

ISA 2006 multiple addresses on external nic unreachable from internet

Posted on 2010-09-19
6
Medium Priority
?
639 Views
Last Modified: 2012-05-10
I have an ISA 2006 server on windows server 2003.

I have an acces rule that allows pings from external to local host (and internal).

I have multiple addresses on the external nic card.

I can ping those multiple address from another computer on the same switch as that external card.

I can only ping the first of those ISA 2006 external addresses from the internet.

Please see attached drawing.

I suspect the FIOS provider is having a problem but they tell me the problem has to be in my ISA server.

I'd really be interested in opinions and suggestions regarding this.

Thanks in advance.

multipleIP.bmp
0
Comment
Question by:gateguard
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 33714038
Unless told otherwise, ISA listens on ALL external ip addresses for traffic. This means that if you publish an internal web site on port 80, by default, ISA listens on port 80 of ALL external ip addresses.

Open the publishing rule in the gui - when you select the listening nic (normally external) you will see a small tab in the window for addresses. Open this and select ONLY the single ip address you want associated with this listener.

repeat for every publishing rule. If you have done this correctly, you can now have different external ip addresses listening for different (or the same) ports but being pushed to different internal servers.
0
 

Author Comment

by:gateguard
ID: 33714762
Thanks, Keith, for taking a look at this.

Yes, I understand the concept of listeners on specific ports and am quite used to going through the procedure you have just outlined for me.

But in this specific case, I can't even PING the external addresses from the internet and, based on the drawing I have provided in this question, I'm looking for someone to say either yes, Verizon is wrong, they have a problem, or no, I am wrong, I must have some kind of hardware problem on my switch or nic card or something associated with the ISA server.

And for the record, I have changed out both the switch AND the external nic card on the ISA server.

So what do you think?  I can't PING those external address from the internet (though I have an access rule that allows all pings) but I can ping them from a nearby local computer on the external network.

Doesn't the problem HAVE to be in the Verizon equipment coming into my office (or beyond)?

Please tell me if I'm wrong.

Thanks.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 33715364
Not necessarily a fault but a configuration issue on the Verizon by the sound of it. In the ISA GUI - logging - monitoring - start query - do you see the external icmp requests appear in the logs for the different ip addresses?
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:gateguard
ID: 33716451
No, I don't see those requests appearing.  I don't see the packets appearing with the Ethereal packet sniffer.  I don't have any evidence at all that Verizon is sending any packets addressed to any address except the first in the series.
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 2000 total points
ID: 33717560
Then that is your evidence. If their configuration/equipment was configured to forward the icmp traffic to the ISA external nic then it would appear in the logs - either as an attack/ wrongly targeted or even allowable traffic but whatever, it would appear
0
 

Author Closing Comment

by:gateguard
ID: 33720761
Thanks a lot, Keith.  I agree with you completely.  It's good to get confirmation from you.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question