Re: Clients get wrong IP for ISA server
From: J.C. Hornbeck [MSFT] (jchornbe_at_online.microsoft.com)
Date: 03/16/04
- Next message: Mohamed Anwar: "Re: Need ISA to pass client IP to the internal site"
- Previous message: J.C. Hornbeck [MSFT]: "Re: Is it better to use Web proxy or Snat?"
- In reply to: Tony Su: "Clients get wrong IP for ISA server"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 16 Mar 2004 09:10:17 -0600
Tony is absolutely right. When you do this also check to make sure that the
external interface is not dynamically registering that address in your DNS
as well, otherwise it may come right back. The checkbox for this is within
the properties of the network connection -> properties of TCP/IP ->
Advanced -> DNS tab.
-- J.C. Hornbeck, MCSE Microsoft Product Support NOTE: Please reply to the newsgroup and not directly to me. This allows others to add to and benefit from these threads and also helps to ensure a more timely response. Thank you! This posting is provided "AS IS" without warranty either expressed or implied, including, but not limited to, the implied warranties of merchantability or fitness for a particular purpose. "Tony Su" <anonymous@discussions.microsoft.com> wrote in message news:c2e601c408a5$8a9149e0$a501280a@phx.gbl... > Absolutely yes, > But most people just say they don't know why they can't > access the Internet, congrats on determining perhaps the > number one problem for FW and Web proxy client failure. > > This should make sense to you... > - The Web and FW clients by default are configured to > connect to the ISA server by machine name > - ISA boxes usually are multi-homed > - Particularly if DNS is running on ISA, <by default MS > DNS will create an A record for every IP address on the > box>. > > So, put all that together you are looking at least two IP > addresses which are bound to most ISA boxes (WAN and LAN > addresses) and if you add additional addresses for various > reasons (multiple websites? multiple SMTP servers?) you'll > exacerbate the problem... because at the least the > outbound Web Listener will be bound only to the LAN > interface and may even be bound to only one address on the > LAN interface. > > So, the solution should be to remove all unnecessary A > records in your DNS to force client resolution <only> to > the primary LAN address. > > Tony Su > > > > > > > >-----Original Message----- > >Hi, > > > >Occasionally, proxy clients in my lan incorrectly > resolved IP address for > >ISA server so they could not go out to internet. I > pinged the ISA server > >and got replied from an IP that was designated for VPN > clients connecting > >from internet to the ISA server. Our DNS did not record > the VPN IP. I had > >to bounce the ISA server and nbtstat workstations. > Sometimes it works right > >away. At others, it took like 15 mins. Has anyone seen > this problem? > > > >My config: > >Win2k sp4 > >ISA2k sp1 and hotfix > >All workstations are win2k pro > > > >TIA, > > > >Cal > > > > > >. > >
- Next message: Mohamed Anwar: "Re: Need ISA to pass client IP to the internal site"
- Previous message: J.C. Hornbeck [MSFT]: "Re: Is it better to use Web proxy or Snat?"
- In reply to: Tony Su: "Clients get wrong IP for ISA server"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
