Re: ISA 2006 Basic Configuration

What does Ping have to do with it? You allowed Web Access, DNS Access, and
VPN,...those are not Ping,...therefore Ping is not allowed. Ping only
works for SecureNAT Clients anyway and is basically pointless to mess with.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------

"Guzun, Alex" <a> wrote in message
news:73E12E19-A6F9-4FEB-B4CA-8B7FF6CC8912@xxxxxxxxxxxxxxxx
This was done earlier
I have deployed a template that allow these: Web Access Only, Allow DNS to
the Internet, VPN Clients to the internet.

I'm able to ping local IP, but can't external :(

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\admin>ping 10.0.1.1

Pinging 10.0.1.1 with 32 bytes of data:

Reply from 10.0.1.1: bytes=32 time<1ms TTL=128
Reply from 10.0.1.1: bytes=32 time<1ms TTL=128
Reply from 10.0.1.1: bytes=32 time<1ms TTL=128
Reply from 10.0.1.1: bytes=32 time<1ms TTL=128

Ping statistics for 10.0.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Documents and Settings\admin>ping www.google.com
Ping request could not find host www.google.com. Please check the name and
try a
gain.

So it's dns problem, but can't figure out what it is exactly.
I have local DNS installed on 10.0.1.2 server.



"Phillip Windell" <philwindell@xxxxxxxxxxx> wrote in message
news:usvAHE7rIHA.4560@xxxxxxxxxxxxxxxxxxxxxxx
Add your LAN's 10 address range to the Addresses Tab of the Internal
Network Definition.
Remove any other addresses that aren't supposed to be there.

Create Access Rules to allow traffic that you want to allow. By default
everything is denied.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or
Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
"Guzun, Alex" <a> wrote in message
news:BBA5B3F6-F2CE-479F-967A-83ADC13CFF20@xxxxxxxxxxxxxxxx
Guys.. I'm getting no luck :(
Please help me as you can, just initial setup to get the traffic in and
out

Look, I have a eth cable from out ISP with public IP 162.168.x.x
I got a two server IT, one of those is ISA with two NIC cards
One NIC is set up using 162.168.x.x. , mask and ISP's GW and no DNS (Use
the following, but empty)
Second internal NIC is set up using 10.0.1.1, mask, no GW and internal
DNS (10.0.1.2, in the second server)

What should I do next, I can't figure out?

My ISA says this:

Description: The routing table for the network adapter Internal includes
IP address ranges that are not defined in the array-level network
Internal, to which it is bound. As a result, packets arriving at this
network adapter from the IP address ranges listed below or sent to these
IP address ranges via this network adapter will be dropped as spoofed.
To resolve this issue, add the missing IP address ranges to the array
network.
The following IP address ranges will be dropped as spoofed:
External:10.0.0.0-10.0.0.0,10.0.100.1-10.0.255.255;

ISA Server detected routes through the network adapter External that do
not correlate with the network to which this network adapter belongs.
When networks are configured correctly, the IP address ranges included
in each array-level network must include all IP addresses that are
routable through its network adapters according to their routing tables.
Otherwise valid packets may be dropped as spoofed. The following ranges
are included in the network's IP address ranges but are not routable
through any of the network's adapters:
10.0.0.0-10.0.0.0,10.0.100.1-10.0.255.255,10.255.255.255-10.255.255.255;.
Note that this event may be generated once after you add a route, create
a remote site network, or configure Network Load Balancing and may be
safely ignored if it does not re-occur.

Thank you in advance.

"John" <a> wrote in message
news:#GSia9jqIHA.1872@xxxxxxxxxxxxxxxxxxxxxxx
I have just installed Windows Server 2003 R2 SP2 on a machine that has
2 NICs. This is a standalone machine. My next step is to join Windows
Server 2003 AD domain. After that, I'll install ISA2006 on this
machine.

I'm not sure how to configure the internal and external NICs, gateway,
preferred/alternate DNS etc. If I understand correctly, it should be as
follows:

External NIC (I do have a real static IP - but it's not the one shown
below)
IP: 1.2.3.4 / 248
Gateway: 1.2.3.1 / 248
DNS: should I use Windows 2003 DNS in the trusted LAN or ISP's DNS??

Internal NIC (private IP)
IP: 192.168.1.2
Gateway: <empty> ??
DNS: I think the internal interface should point to Windows 2003 DNS
but feel free to correct me


I'm also looking for a basic ISA configuration settings (walk thru or
read me documentation). Can someone point me in the right direction?
Thanks much.





.

Relevant Pages

  • Re: ISA 2006 Basic Configuration
    ... Microsoft Internet Security & Acceleration Server: ... I have deployed a template that allow these: Web Access Only, Allow DNS to the Internet, VPN Clients to the internet. ... The routing table for the network adapter Internal includes IP address ranges that are not defined in the array-level network Internal, ...
    (microsoft.public.isa.configuration)
  • Re: Urgent! New router and big disaster
    ... The SBS DNS server, running on ... its IP it means that your problem is now DNS. ... forward ports to it reliably in the router. ... I should have been more clear about internet connection.. ...
    (microsoft.public.windows.server.sbs)
  • Re: ISA 2006 Basic Configuration
    ... DNS is installed on the ... Configuring the Internal Network Interface ... In the Internet Protocol Properties dialog box, ... Select the Use the following DNS server addresses option. ...
    (microsoft.public.isa.configuration)
  • Re: Outgoing POP3 email missing/lost/not received
    ... ISP's mail server instead of the domain name on the ... SUMMARY OF SETTINGS FOR CONFIGURE E-MAIL AND INTERNET ... Internet Connection Wizard. ... After the wizard completes, the following network connection ...
    (microsoft.public.windows.server.sbs)
  • Re: Connect the SBS to a remote IIS for Internet Printing
    ... the server can access the Internet with no problems at all. ... Checking network connection, and after a few seconds it says The ... the problem is cause by the configuration of ISA. ...
    (microsoft.public.windows.server.sbs)