Re: 2 NIC ISA 2006 behind a D-LINK Router
- From: "Phillip Windell" <philwindell@xxxxxxxxxxx>
- Date: Wed, 2 Apr 2008 09:15:42 -0500
"YOSSI" <yohayon@xxxxxxxxx> wrote in message
news:25812114-0a5f-44d7-a9a2-bd8c2edb2753@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I have removed the DNS entry from WAN NIC.
Ok
The results from all this are that from the ISA Server, I can ping
external websites via ip address but not via web address. From any
other PC, I can only ping ISA's WAN NIC of 172.16.1.2 but I cannot
ping the DLINK Router ip which is 172.16.1.1.
By default ISA does not allow ping,...at all,...anywhere.
Even if you allow Ping, the Rule must be "anonymous" and *only* SecureNAT
Clients can use it.
Even allowing ping to or from the ISA does not allow it for the LAN,...ISA
is *not* part of "Internal".
Bottom line,....*forget* about using Ping as a valid testing tool. Instead
use the exact protocol with the exact Application to test with,...in other
words,...test with the same thing you are trying to use.
I do have forwarders configured on my internal DNS Server of
192.168.1.253.
Good.
Keep them
I then tried entering my ISP's external DNS Server ip onto the WAN NIC
of ISA Server (is it ok to do that?)
No,...it is not. Remove it.
& was able to resolve web
addresses via name but still have an issue with all other computers on
the network that they cannot ping DLINK router 172.16.1.1 but they can
ping ISA's WAN NIC of 172.16.1.2.
Add a Rule at the top of the Rule List that allows "anonymous" outbound DNS
Queries from the AD/DNS Server. Limit it to only the AD/DNS Server to
weed-out any machine that may have "rogue" DNS entries.
If you DNS Server cannot reach the Forwarders to make a query then
resolution will fail.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx
Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx
Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
.
- References:
- 2 NIC ISA 2006 behind a D-LINK Router
- From: YOSSI
- Re: 2 NIC ISA 2006 behind a D-LINK Router
- From: Phillip Windell
- Re: 2 NIC ISA 2006 behind a D-LINK Router
- From: YOSSI
- 2 NIC ISA 2006 behind a D-LINK Router
- Prev by Date: Re: isa 2k4 and second subnet inside network host ( vmware )
- Next by Date: Help! *nix machines cannot connect to internal web sites, windows boxes fine.
- Previous by thread: Re: 2 NIC ISA 2006 behind a D-LINK Router
- Next by thread: ISA URL set
- Index(es):
Relevant Pages
|
