Re: 2 NIC ISA 2006 behind a D-LINK Router

On Apr 1, 11:04 am, "Phillip Windell" <philwind...@xxxxxxxxxxx> wrote:
"YOSSI" <yoha...@xxxxxxxxx> wrote in message

news:10e6c8ed-45c6-4c9f-b558-4e4e7272b75d@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I can't seem to get this to work. It may be an IP address
misconfiguration or something else. Here's the setup:
DSL modem with a static external ip address connected directly to a
Dlink router.
Dlink router has an LAN ip of 172.16.1.1 & subnet of 255.255.255.0

Fine,...but you need to keep in mind that you have created a meniacle
Back-to-Back DMZ to deal with between the ISA and the DLink.

ISA 2006 Server which is connected to the LAN port of Dlink router has
the WAN NIC ip address set to 172.16.1.2, gateway is 172.16.1.1 & DNS
set to 192.168.1.253.

Fine,..but you can leave the DNS blank on the external nic.

ISA 2006 Server has LAN NIC (which is connected to a switch) with an
ip address of 192.168.1.1, DNS set to 192.168.1.253 & no gateway
defined.

Fine.

There are about 20 other computers connected to the switch that all
receive 192.168.1.x ip addresses & subnet of 255.255.255.0 & gateway
of 192.168.1.1 & DNS of 192.168.1.253 from our domain controller which
is a DHCP server. Thanks alot in advance.

Fine,...although I would have use a much higher IP range in the third Octet
to avoid the ectrememly heavliy over used "1" subnet. You will never be
able to establish a Site-to-Site VPN or any other private connection to
another network if they use the same range,...which is very likely with such
and over-user range as 192.168.1.*. But it is kinda too late now without
re-addressing the whole LAN.

Anyway,...everything looks fine,...so what doesn't work?????

--
Phillip Windellwww.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

I have removed the DNS entry from WAN NIC.
The results from all this are that from the ISA Server, I can ping
external websites via ip address but not via web address. From any
other PC, I can only ping ISA's WAN NIC of 172.16.1.2 but I cannot
ping the DLINK Router ip which is 172.16.1.1.
I do have forwarders configured on my internal DNS Server of
192.168.1.253.
I then tried entering my ISP's external DNS Server ip onto the WAN NIC
of ISA Server (is it ok to do that?) & was able to resolve web
addresses via name but still have an issue with all other computers on
the network that they cannot ping DLINK router 172.16.1.1 but they can
ping ISA's WAN NIC of 172.16.1.2.
.

Relevant Pages

  • Re: Hosts file ignored
    ... > any of the entries I have made to the server's hosts file. ... > Successfully flushed the DNS Resolver Cache. ... > I am not running a DNS server on my system. ... > I can ping IP addresses without any problem, both on the LAN and on ...
    (microsoft.public.windows.server.general)
  • Re: HTTP trouble in 2004
    ... In this way, all DNS ... how does this server resolve external ... They are just HTTP ... > Ping in ALLOW PING protool from EXTERNAL to INTERNAL ...
    (microsoft.public.isaserver)
  • Re: loss of SOME connectivity
    ... I'm a little concerned about your Primary DNS suffix and your DHCP. ... Is your router handling DHCP for the network? ... Ethernet adapter Server Local Area Connection: ... I get "Ping request could not find ...
    (microsoft.public.windows.server.sbs)
  • Re: Cant see out to .co.uk from inside my .local domain (forward l
    ... Well I removed the entry from my hosts file and issued a ping command to both ... network only from the server which I changed the hosts file for. ... Indeed is it even a DNS issue. ...
    (microsoft.public.windows.server.sbs)
  • Re: Cant see out to .co.uk from inside my .local domain (forward l
    ... Ping cp.xxx.co.uk, same question. ... I found out the ip of my .co.uk so I put this into the hosts file of the ... network only from the server which I changed the hosts file for. ... Indeed is it even a DNS issue. ...
    (microsoft.public.windows.server.sbs)