Solved

Cannot Get to Internet or Email using ISA 2004

Posted on 2010-11-27
Last Modified: 2012-05-10
Hello,

We have an SBS 2003 server using 2 NIC cards.  One is configured to external with the IP address, SM and gateway given to us by ISP.  The DNS is left blank on this NIC.  The internal NIC is set to 10.0.1.1 SM 255.255.255.0 Gateway is blank and DNS is 10.0.1.1.   I have also checked the binding order and the internal NIC card is first. We are using ISA 2004 standard.  

I recently updated the drivers on the NICs and we have been having issues since.  Clients on the network cannot access emails or get to the internet.  From the server I can ping a client IP, and a DNS address.  I am also able to get to the internet on the server.  

Can someone tell me what I need to check in ISA to get this working?  Thanks
0
Question by:JParra72
9 Comments
 
LVL 5

Expert Comment

by:Matt Davies
ID: 34222283
Is this intermittent or a constant problem?
0
 

Author Comment

by:JParra72
ID: 34222301
Constant since I updated the NIC drivers.  It was intermittent right after the server rebooted itself every Friday at 11pm as part of the scheduled tasks.  I would then come in and restart all associated services and everything would be working again.  Not this time.  I updated the NIC drivers last Wednesday, no connectivity since then.
0
 

Author Comment

by:JParra72
ID: 34222313
These are the firewall policies currently set up:

Policy #1 DNS internal local host
Allow - Protocol (DNS) - from internal - to local host - condition (all users).

Policy #2 SBS Outbound Access Rule
Allow - Protocol (All outbound Traffic) - from all protected networks - to external - condition (all users)

Policy #3 ronrawlings.com SMTP server
Allow - Protocol (SMTP server) - from external - to 10.0.1.1

Policy #4 Camera
Allow - protocol (www) - from External - to 10.0.1.140

Policy #5 RDP (1)
Allow - Protocol (3390) - from external - to 10.0.1.19

Policy #6 Cameras
Allow - protocol (phones) - from external - to 10.0.1.140

Policy #7 RDP
Allow - protocol (terminal services) - from external - to 10.0.1.1

Policy #8 RDP (2)
Allow - protocol (RDP 2) - from external - to 10.0.1.1

Policy #9 SSL
Allow - protocol (HTTPS server) - from external - to 10.0.1.1

Policy #10 SBS Protected Networks access rule
Allow - protocol (allow outbound traffic) - from all protected networks - to all protected networks - condition (all users)

Policy #11 SBS Inbound Access rule
Deny - protocol (all outbound traffic) - from external - to local host - condition (all users)

Policy #12 Default Rule
Deny - protocol (all traffic) - from all networks - to all networks - condition (all users)
0

 

Author Comment

by:JParra72
ID: 34222346
I am also getting connection limit exceeded alerts.  They are event ID 15112 on the event log.  The message is "The client 10.0.1.193 exceeded its connection limit. The new connection was rejected."
0
 

Author Comment

by:JParra72
ID: 34222398
Also notice where I have highlighted in red.  Is it supposed to look like that?
[image]
0
 
LVL 5

Expert Comment

by:Matt Davies
ID: 34222456
In the first instance I would roll back the network card drivers.
0
 

Author Comment

by:JParra72
ID: 34222484
Tried that from the Device Manager and it would not do it because there was no backup.
0
 

Accepted Solution

by:JParra72 earned 0 total points
ID: 34227868
I got it working.  The external NIC had the DNS servers from the ISP listed.  I removed them and rebooted the server.
0
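
The NIC layout from the question and the fix from the accepted solution (the external NIC carries the gateway and no DNS servers, the internal NIC has no gateway and points DNS at 10.0.1.1) can be checked against saved `ipconfig /all` output. This is an added example, not part of the original thread; the sample output is constructed, and the adapter names and public addresses in it are assumptions.

```python
import re

# Constructed `ipconfig /all` excerpt (not from the thread). Adapter names and
# the public addresses (documentation ranges) are assumptions.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter External:

   IP Address. . . . . . . . . . . . : 203.0.113.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   Default Gateway . . . . . . . . . : 203.0.113.9
   DNS Servers . . . . . . . . . . . : 198.51.100.53
                                       198.51.100.54

Ethernet adapter Internal:

   IP Address. . . . . . . . . . . . : 10.0.1.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 10.0.1.1
"""

def parse_ipconfig(text):
    """Return {adapter name: {field: [values]}}; empty fields map to []."""
    adapters, current, last_key = {}, None, None
    for line in text.splitlines():
        header = re.match(r"^\S.* adapter (.+):\s*$", line)
        if header:
            current, last_key = adapters.setdefault(header.group(1), {}), None
        elif current is None or not line.strip():
            continue  # global section or blank line
        elif (field := re.match(r"^\s+(.+?)[ .]*:(?: (.*))?$", line)):
            last_key = field.group(1)
            value = (field.group(2) or "").strip()
            current[last_key] = [value] if value else []
        elif last_key:
            current[last_key].append(line.strip())  # continuation (2nd DNS server)
    return adapters

def audit_sbs_nics(adapters, server_ip="10.0.1.1"):
    """Flag NICs that deviate from the layout described in the thread."""
    findings = []
    for name, cfg in adapters.items():
        dns = cfg.get("DNS Servers", [])
        if cfg.get("Default Gateway"):      # gateway set: treat as external NIC
            if dns:
                findings.append((name, "external NIC lists DNS servers: " + ", ".join(dns)))
        elif dns != [server_ip]:            # no gateway: treat as internal NIC
            findings.append((name, "internal NIC DNS should be only " + server_ip))
    return findings

if __name__ == "__main__":
    for nic, issue in audit_sbs_nics(parse_ipconfig(SAMPLE)):
        print(nic + ": " + issue)
```
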
 

Author Closing Comment

by:JParra72
ID: 34265392
I was able to figure it out on my own.
0


Question has a verified solution.
