Back firewall won't pass traffic...



I'm running ISA 2006 with the back firewall template.

I walked through the setup and found it odd that ISA doesn't want to
know what the address range of the DMZ is supposed to be. At any rate,
I manually set that network up and verified that ISA had the correct
ranges selected for the internal adapter. Of course, I configured the
DMZ interface after I set up the template, so I'm seeing the customary
message about having changed the config and how the template doesn't
necessarily reflect my current setup, etc.

I have configured a policy to allow all traffic to pass through, but
it's a no go.

Here are some of the details:

1. I'm running Standard Edition (I'm sure that doesn't matter).
2. The ISA server has two interfaces, one for the internal network and
one for the DMZ. I'd like traffic (ALL) from clients on the internal
network to be routed to the gateway on the DMZ and on to the internet.
3. I can ping addresses on the internal network from the ISA server.
There are no other machines active on the DMZ to attempt to ping, but I
am unable to ping addresses on the internet.
4. I was able to change the system policy and allow mmc and terminal
services connections for administration to the ISA machine. I have
tested both and found them both to be successful.

I remember reading something a while back about how the actual NICs
are supposed to be set up on an ISA box. I thought that I recalled
something about how they're not supposed to have default gateways
assigned to them. Does anyone know anything about this specifically?
Currently, I've left the internal NIC without a gateway while keeping
the one connected to the DMZ configured.

Lastly, a client machine configured to use the address of the internal
interface of the ISA server as its default gateway and proxy server
cannot ping internet addresses or browse the web. The proxy server
delivers a web page stating that the "ISA server denied the specified
URL".

Any help or a point in the right direction would be great!



