Re: ISA 2006 Basic Configuration

Ok, very good.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

"Guzun, Alex" <a> wrote in message
news:70C6430E-B42A-468F-9131-6C0D7BEDDFE1@xxxxxxxxxxxxxxxx
Got it working :)
I've got isasequickstart.doc, and followed the steps :)

"Phillip Windell" <philwindell@xxxxxxxxxxx> wrote in message
news:OLE6U0QtIHA.3804@xxxxxxxxxxxxxxxxxxxxxxx
Did you create the Rule for DNS properly?
Is it at or near the top of the list?
Is it allowing anonymously (All Users)?
Does the AD/DNS Server have the ISP's DNS properly configured as a
Forwarder?
Does the ISA correctly use the AD/DNS and none other?


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or
Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------

"Guzun, Alex" <a> wrote in message
news:2B4381E5-7AB7-4992-8EE1-8877C8F7F0F8@xxxxxxxxxxxxxxxx
I mean hostname can't be resolved

"Phillip Windell" <philwindell@xxxxxxxxxxx> wrote in message
news:OMsx2vEtIHA.4376@xxxxxxxxxxxxxxxxxxxxxxx
What does Ping have to do with it? You allowed Web Access, DNS Access,
and VPN,...those are not Ping,...therefore Ping is not allowed. Ping
only works for SecureNAT Clients anyway and is basically pointless to
mess with.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or
Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server
2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------

"Guzun, Alex" <a> wrote in message
news:73E12E19-A6F9-4FEB-B4CA-8B7FF6CC8912@xxxxxxxxxxxxxxxx
This was done earlier
I have deployed a template that allow these: Web Access Only, Allow
DNS to the Internet, VPN Clients to the internet.

I'm able to ping local IP, but can't external :(

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\admin>ping 10.0.1.1

Pinging 10.0.1.1 with 32 bytes of data:

Reply from 10.0.1.1: bytes=32 time<1ms TTL=128
Reply from 10.0.1.1: bytes=32 time<1ms TTL=128
Reply from 10.0.1.1: bytes=32 time<1ms TTL=128
Reply from 10.0.1.1: bytes=32 time<1ms TTL=128

Ping statistics for 10.0.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Documents and Settings\admin>ping www.google.com
Ping request could not find host www.google.com. Please check the name
and try a
gain.

So it's dns problem, but can't figure out what it is exactly.
I have local DNS installed on 10.0.1.2 server.



"Phillip Windell" <philwindell@xxxxxxxxxxx> wrote in message
news:usvAHE7rIHA.4560@xxxxxxxxxxxxxxxxxxxxxxx
Add your LAN's 10 address range to the Addresses Tab of the Internal
Network Definition.
Remove any other addresses that aren't supposed to be there.

Create Access Rules to allow traffic that you want to allow. By
default everything is denied.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or
Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server
2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
"Guzun, Alex" <a> wrote in message
news:BBA5B3F6-F2CE-479F-967A-83ADC13CFF20@xxxxxxxxxxxxxxxx
Guys.. I'm getting no luck :(
Please help me as you can, just initial setup to get the traffic in
and out

Look, I have a eth cable from out ISP with public IP 162.168.x.x
I got a two server IT, one of those is ISA with two NIC cards
One NIC is set up using 162.168.x.x. , mask and ISP's GW and no DNS
(Use the following, but empty)
Second internal NIC is set up using 10.0.1.1, mask, no GW and
internal DNS (10.0.1.2, in the second server)

What should I do next, I can't figure out?

My ISA says this:

Description: The routing table for the network adapter Internal
includes IP address ranges that are not defined in the array-level
network Internal, to which it is bound. As a result, packets
arriving at this network adapter from the IP address ranges listed
below or sent to these IP address ranges via this network adapter
will be dropped as spoofed. To resolve this issue, add the missing
IP address ranges to the array network.
The following IP address ranges will be dropped as spoofed:
External:10.0.0.0-10.0.0.0,10.0.100.1-10.0.255.255;

ISA Server detected routes through the network adapter External that
do not correlate with the network to which this network adapter
belongs. When networks are configured correctly, the IP address
ranges included in each array-level network must include all IP
addresses that are routable through its network adapters according
to their routing tables. Otherwise valid packets may be dropped as
spoofed. The following ranges are included in the network's IP
address ranges but are not routable through any of the network's
adapters:
10.0.0.0-10.0.0.0,10.0.100.1-10.0.255.255,10.255.255.255-10.255.255.255;.
Note that this event may be generated once after you add a route,
create a remote site network, or configure Network Load Balancing
and may be safely ignored if it does not re-occur.

Thank you in advance.

"John" <a> wrote in message
news:#GSia9jqIHA.1872@xxxxxxxxxxxxxxxxxxxxxxx
I have just installed Windows Server 2003 R2 SP2 on a machine that
has 2 NICs. This is a standalone machine. My next step is to join
Windows Server 2003 AD domain. After that, I'll install ISA2006 on
this machine.

I'm not sure how to configure the internal and external NICs,
gateway, preferred/alternate DNS etc. If I understand correctly, it
should be as follows:

External NIC (I do have a real static IP - but it's not the one
shown below)
IP: 1.2.3.4 / 248
Gateway: 1.2.3.1 / 248
DNS: should I use Windows 2003 DNS in the trusted LAN or ISP's
DNS??

Internal NIC (private IP)
IP: 192.168.1.2
Gateway: <empty> ??
DNS: I think the internal interface should point to Windows 2003
DNS but feel free to correct me


I'm also looking for a basic ISA configuration settings (walk thru
or read me documentation). Can someone point me in the right
direction? Thanks much.









.

Relevant Pages

  • Re: List of servers in this workgroup is currently not available.
    ... Computer description appears before the computer name in the My Network ... Microsoft CSS Online Newsgroup Support ... <recently installed a D-Link print server with a reserved IP. ... <As soon as I uninstalled the print server and rebooted the computers, ...
    (microsoft.public.windows.server.sbs)
  • RE: Simple ISA 2004 questions
    ... You'd better create a new GPO for IE proxy, ... Run "gpmc.msc" in SBS server, ... ISA Server 2004 Query can give you some help. ... In the Microsoft Internet Security and Acceleration Server 2004 console, ...
    (microsoft.public.windows.server.sbs)
  • RE: LDAP & Find People not working
    ... > Microsoft CSS Online Newsgroup Support ... > This newsgroup only focuses on SBS technical issues. ... > | Yes, the scanner is on the local area network, so as you indicated below, ... > | So I wonder why the scanner does not see the LDAP server. ...
    (microsoft.public.windows.server.sbs)
  • RE: "Delayed Write Failed" error message when you write a file to
    ... We have a small network and the incident has happened just once. ... message when you write a large file to a server. ... Windows XP Service Pack 2. ... Click Services tab and select Hide All Microsoft Services and Disable ...
    (microsoft.public.windows.server.sbs)
  • Re: ISA 2006 Basic Configuration
    ... Does the AD/DNS Server have the ISP's DNS properly configured as a Forwarder? ... Microsoft Internet Security & Acceleration Server: ... Microsoft ISA Server Partners: Partner Hardware Solutions ... The routing table for the network adapter Internal includes IP address ranges that are not defined in the array-level network Internal, ...
    (microsoft.public.isa.configuration)