Re: ISA 2006 Basic Configuration

I just downloaded isasequickstart.doc and read it to satisfy my curiosity.

The following instruction doesn't make sense (particulary step 5 where it
says "This is the same number you entered in step 4"). It tells us to
configure Preferred DNS to point to itself.

Why would we point Preferred DNS to itself? Shouldn't we point it to active
directory DNS servers (in the LAN) instead?

Configuring the Internal Network Interface
....
1. Right click the My Network Places icon on the desktop and click the
Properties option.
2. In the Network Connections window, right click the internal network
interface and click the Properties option.
3. In the network interface's Properties dialog box, click the Internet
Protocol (TCP/IP) entry and then click the Properties button.
4. In the Internet Protocol (TCP/IP) Properties dialog box, select the Use
the following IP address option. Enter the IP address for the internal
interface in the IP address text box. Enter the subnet mask for the internal
interface in the Subnet mask text box. Do not enter a default gateway for
the internal interface.
5. Select the Use the following DNS server addresses option. Enter the IP
address of the internal interface of the ISA Server 2004 computer in the
Preferred DNS server text box. This is the same number you entered in step
4. Click OK in the Internet Protocol (TCP/IP) Properties dialog box.
6. Click OK on the internal interface's Properties dialog box.



"Phillip Windell" <philwindell@xxxxxxxxxxx> wrote in message
news:%23yvqdHouIHA.3564@xxxxxxxxxxxxxxxxxxxxxxx
Ok, very good.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or
Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

"Guzun, Alex" <a> wrote in message
news:70C6430E-B42A-468F-9131-6C0D7BEDDFE1@xxxxxxxxxxxxxxxx
Got it working :)
I've got isasequickstart.doc, and followed the steps :)

"Phillip Windell" <philwindell@xxxxxxxxxxx> wrote in message
news:OLE6U0QtIHA.3804@xxxxxxxxxxxxxxxxxxxxxxx
Did you create the Rule for DNS properly?
Is it at or near the top of the list?
Is it allowing anonymously (All Users)?
Does the AD/DNS Server have the ISP's DNS properly configured as a
Forwarder?
Does the ISA correctly use the AD/DNS and none other?


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or
Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------

"Guzun, Alex" <a> wrote in message
news:2B4381E5-7AB7-4992-8EE1-8877C8F7F0F8@xxxxxxxxxxxxxxxx
I mean hostname can't be resolved

"Phillip Windell" <philwindell@xxxxxxxxxxx> wrote in message
news:OMsx2vEtIHA.4376@xxxxxxxxxxxxxxxxxxxxxxx
What does Ping have to do with it? You allowed Web Access, DNS
Access, and VPN,...those are not Ping,...therefore Ping is not
allowed. Ping only works for SecureNAT Clients anyway and is
basically pointless to mess with.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or
Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server
2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------

"Guzun, Alex" <a> wrote in message
news:73E12E19-A6F9-4FEB-B4CA-8B7FF6CC8912@xxxxxxxxxxxxxxxx
This was done earlier
I have deployed a template that allow these: Web Access Only, Allow
DNS to the Internet, VPN Clients to the internet.

I'm able to ping local IP, but can't external :(

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\admin>ping 10.0.1.1

Pinging 10.0.1.1 with 32 bytes of data:

Reply from 10.0.1.1: bytes=32 time<1ms TTL=128
Reply from 10.0.1.1: bytes=32 time<1ms TTL=128
Reply from 10.0.1.1: bytes=32 time<1ms TTL=128
Reply from 10.0.1.1: bytes=32 time<1ms TTL=128

Ping statistics for 10.0.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Documents and Settings\admin>ping www.google.com
Ping request could not find host www.google.com. Please check the
name and try a
gain.

So it's dns problem, but can't figure out what it is exactly.
I have local DNS installed on 10.0.1.2 server.



"Phillip Windell" <philwindell@xxxxxxxxxxx> wrote in message
news:usvAHE7rIHA.4560@xxxxxxxxxxxxxxxxxxxxxxx
Add your LAN's 10 address range to the Addresses Tab of the Internal
Network Definition.
Remove any other addresses that aren't supposed to be there.

Create Access Rules to allow traffic that you want to allow. By
default everything is denied.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or
Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server
2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
"Guzun, Alex" <a> wrote in message
news:BBA5B3F6-F2CE-479F-967A-83ADC13CFF20@xxxxxxxxxxxxxxxx
Guys.. I'm getting no luck :(
Please help me as you can, just initial setup to get the traffic in
and out

Look, I have a eth cable from out ISP with public IP 162.168.x.x
I got a two server IT, one of those is ISA with two NIC cards
One NIC is set up using 162.168.x.x. , mask and ISP's GW and no DNS
(Use the following, but empty)
Second internal NIC is set up using 10.0.1.1, mask, no GW and
internal DNS (10.0.1.2, in the second server)

What should I do next, I can't figure out?

My ISA says this:

Description: The routing table for the network adapter Internal
includes IP address ranges that are not defined in the array-level
network Internal, to which it is bound. As a result, packets
arriving at this network adapter from the IP address ranges listed
below or sent to these IP address ranges via this network adapter
will be dropped as spoofed. To resolve this issue, add the missing
IP address ranges to the array network.
The following IP address ranges will be dropped as spoofed:
External:10.0.0.0-10.0.0.0,10.0.100.1-10.0.255.255;

ISA Server detected routes through the network adapter External
that do not correlate with the network to which this network
adapter belongs. When networks are configured correctly, the IP
address ranges included in each array-level network must include
all IP addresses that are routable through its network adapters
according to their routing tables. Otherwise valid packets may be
dropped as spoofed. The following ranges are included in the
network's IP address ranges but are not routable through any of the
network's adapters:
10.0.0.0-10.0.0.0,10.0.100.1-10.0.255.255,10.255.255.255-10.255.255.255;.
Note that this event may be generated once after you add a route,
create a remote site network, or configure Network Load Balancing
and may be safely ignored if it does not re-occur.

Thank you in advance.

"John" <a> wrote in message
news:#GSia9jqIHA.1872@xxxxxxxxxxxxxxxxxxxxxxx
I have just installed Windows Server 2003 R2 SP2 on a machine that
has 2 NICs. This is a standalone machine. My next step is to join
Windows Server 2003 AD domain. After that, I'll install ISA2006 on
this machine.

I'm not sure how to configure the internal and external NICs,
gateway, preferred/alternate DNS etc. If I understand correctly,
it should be as follows:

External NIC (I do have a real static IP - but it's not the one
shown below)
IP: 1.2.3.4 / 248
Gateway: 1.2.3.1 / 248
DNS: should I use Windows 2003 DNS in the trusted LAN or ISP's
DNS??

Internal NIC (private IP)
IP: 192.168.1.2
Gateway: <empty> ??
DNS: I think the internal interface should point to Windows 2003
DNS but feel free to correct me


I'm also looking for a basic ISA configuration settings (walk thru
or read me documentation). Can someone point me in the right
direction? Thanks much.











.