Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
2 Nics, no internet access.. help
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
2 Nics, no internet access.. help - 8.Oct.2006 4:28:42 AM
|
|
|
MickX
Posts: 9
Joined: 8.Oct.2006
Status: offline
|
Hi,
I'm kinda new to ISA server.
I'm using ISA 2004 for a school project, but something doesn't work right and for that reason we have no internet access.
I've made a drawing of my network.
( Edit: sometimes the drawing isn't loading, to view the drawing manually click this link: http://www.questnet.nl/net.jpg )
All devices can't get access to internet, also the ISA server hasn't got connection.
When i connect the DC / DNS / DHCP server directly to the router, is has connection and is browsable, but when i connect it back to the network (Behind the ISA server) no connection is available
( Edit 2: Also, when i put in the internal IP adresses, 192.168.0.x on the 'internal network addresses tab' it also says i have to input all private ranges, 10.0.0.1, 172.68.16.x, etc is this normal? i don't even use those ranges..)
The router: 192.168.2.1
From that, a cable is going to a nic on the ISA server.
This nic has ip: 192.168.2.2 (for connecting to the router)
The other nic in the ISA server is using IP: 192.168.0.1
That 0.1 is our netwerk address.
Please look at the example drawing and tell me what i can do to fix it.
The ISA server has the standaard default configuration (as when it was installed)
The PC's and servers in my network don't use the firewall client, what is the firewall client exactly?
A piece of software on the local PC's? or is it the ISA server itself?
How can i configure ISA server to be the network's 'router' and NAT, etc.
Thanks in advice!
-miCk
< Message edited by MickX -- 8.Oct.2006 5:34:12 AM >
|
|
|
|
RE: 2 Nics, no internet access.. help - 8.Oct.2006 5:37:12 AM
|
|
|
Guest
|
Hi mate!
first before install ISA on your server configure your adapters.
Name the one connecting to the router External, the one connecting to your network Internal.
Also get rid of unuseful protocols from external adapter(client for microsoft net.., file and printer sharing...)...
don't put any gateway on Internal.
http://www.isaserver.org/tutorials/Configuring_ISA_Server_Interface_Settings.html
Then when install ISA for start choose to define your internal network by adapter(in your case this will be enough, depends on your wlan) and get rid of 10.0.0.1, 172.68.16.x...... unckeck that checkbox. You don't need this.
what do you mean by "it has no connection"?
your adapter is show as disconnected or you can't acces the Internet ?
by default ISA blocks all.
you have to define some access rules and also pay attention how you define your network rules between Internal and External.......
by the way, ISA should not be allowed hhtp connection when you define your htpp rules.
quote:
The PC's and servers in my network don't use the firewall client, what is the firewall client exactly?
A piece of software on the local PC's? or is it the ISA server itself?
You're funny my friend!
first servers should not use the FWC.
then you may like to read this:
http://www.isaserver.org/tutorials/ISA_Clients__Part_3_The_Firewall_Client.html
< Message edited by adrian_dimcev -- 8.Oct.2006 5:42:30 AM >
|
|
|
|
|
RE: 2 Nics, no internet access.. help - 8.Oct.2006 5:59:34 AM
|
|
|
MickX
Posts: 9
Joined: 8.Oct.2006
Status: offline
|
quote:
ORIGINAL: adrian_dimcev
10.0.0.1, 172.68.16.x...... unckeck that checkbox. You don't need this.
what do you mean by "it has no connection"?
Haha, i mean that i can't reach the internet, it has a connection, but i can't access the internet, but i think thats because there is a "Default block all' rule.
I'll try this all!
I've make some mistakes i see, first of all, i have those things (microsoft print bla bla) activated on both nics, and the internal nic has the gateway IP adres of the Domain controller / DNS / DHCP server.
Does the internal nic card require a gateway address? or just leave it blank.
It would be like this then.
External nic IP: 192.168.2.2 (connection to the router)
External nic gateway: 192.168.2.1 (router's gateway)
External nic DNS: 192.168.2.1 (the router's dns server...)
Internal nic IP: 192.168.0.1 (main IP of the ISA server then..)
Internal nic gateway: none (doesn't require one?)
Internal nic DNS: 192.168.0.10 (the networks DNS / DHCP / DC server)
And what do you mean with:
"by the way, ISA should not be allowed hhtp connection when you define your htpp rules. "
Deny (only) the ISA server http connections? so you can't browse or view the web from the ISA server?
Thanks for your help! it's been very usefull till now :D
-miCk.
< Message edited by MickX -- 8.Oct.2006 6:02:21 AM >
|
|
|
|
|
RE: 2 Nics, no internet access.. help - 8.Oct.2006 6:29:57 AM
|
|
|
Guest
|
Yes, the Internal adapter has no gateway.
you set the gateway only on External.
also no DNS on External.
If you have DNS servers from ISP, use Forwarders in you Internal DNS server
by the way if you set on a windows pc that has multiple nics many DG you will mess things.
quote:
so you can't browse or view the web from the ISA server?
that's right. its' not good to surf the web from ISA.
only if you really need this(update something, in this case just temporaly create an allow rule.....)
Have Fun!
|
|
|
|
|
RE: 2 Nics, no internet access.. help - 8.Oct.2006 7:17:10 AM
|
|
|
MickX
Posts: 9
Joined: 8.Oct.2006
Status: offline
|
Hi,
back again haha.
I've done some things, and i'm now able to browse the internet from the ISA machine (i know, it's a bad idea.. but i needed SP 1 en SP 2 for ISA2004 so i'm installing them right now on this moment)
I've also set an access rule "Allow all outbound traffic from all sources to external network" but i'm not able to browse the internet from other machine's except the ISA server itself.
It's also not possible to do any pings to the machine etc.
Is it wise to set an option "Allow ALL from 192.168.0.10 from that IP to the ISA server" (that IP belongs to the DC / DNS / DHCP server)
In this case the DC can send (and recieve?) all protocols to the ISA server
When you create a rule, you can select for who the rule is. if you click on "select" you can search for users and PC's, but it can't find the domain?
by the way, I've added the ISA server to the domain (as a domain computer)
I'm sorry for my bad english haha, it's not my best side.
[EDIT: i've removed the DNS from the external nic card (connecting to the router) but now i'm not able to browse the web, i put in the DNS from the local DNS server, and also no response. i've put back the DNS IP from the router, 192.168.2.1 and now i'm able to browse the net again, are you sure i don't have to fill in anything in the DNS server field from the external nic?)
Thnx in advance again!
-miCk.
< Message edited by MickX -- 8.Oct.2006 7:33:47 AM >
|
|
|
|
|
RE: 2 Nics, no internet access.. help - 8.Oct.2006 8:04:22 AM
|
|
|
Guest
|
quote:
are you sure i don't have to fill in anything in the DNS server field from the external nic?
hmmm!
I think that you are a little lost here mate!
first before of doing some hands on labs make sure that you read some proper materials.
if you can't find on ISA the domain this means you are not connected to it!
I hope you did not disable the Client for Microsoft Networks on the Internal adapter of ISA!
put the internal DNS Server on ISA Internal adapter and NOTHING on external!
check how you setup DNS and about access rules.
for example for hhtp browsing you need to enable hhtp, https from internal to external for beggining apply this to all users(not authenticated) and DNS from DC/DNS/DHCP to external.
also ISA installed by default is a proxy server so you can force all your clients to go and use ISA as proxy.
check your gw on your clients(use ISA as their gw). this means securenat(no authentication).
as I said before put as forwarders in your DNS server the DNS servers your ISP give to you.
not exactly what you're looking for but:
http://www.isaserver.org/tutorials/You_Need_to_Create_a_Split_DNS.html
|
|
|
|
|
RE: 2 Nics, no internet access.. help - 8.Oct.2006 8:26:44 AM
|
|
|
MickX
Posts: 9
Joined: 8.Oct.2006
Status: offline
|
Oke then.
I've disabled the proxy server from ISA, and suddenly, all clients could browse the internet..
I've also put in an "allow all outbound traffic" rule, and now the ISA server see's and can connect to the domain controller.
Now about the internal DNS, i've used DCPROMO.exe to install Active Directory, and then installed DNS, i've also installed an reversed lookup zone, but thats all, i didn't 'configure' anything on the DNS server.
When i put the internal DNS server address (192.168.0.10) on the internal network card on the isa server, it didn't work. i could not browse the web.
(But that was before i had any options configured for the DC/DNS/DHCP server)
I hope it works now... stay tuned. haha
|
|
|
|
|
RE: 2 Nics, no internet access.. help - 8.Oct.2006 9:05:35 AM
|
|
|
Guest
|
quote:
I've also put in an "allow all outbound traffic" rule, and now the ISA server see's and can connect to the domain controller.
Is your DC on the External network?
to allow ISA to do something you have to allow localhost(this is the name of ISA)!
ISA is not getting anywhere to access DC!
as default you have some policies set on ISA!
there are 30 of them!
but you don't see them 'cause they are hidden because when I guy like you hit the ISA management console to not damage some vital settings!
you should have only one DNS set on ISA: the internal one!
you don't have to disable proxy.
http://www.isaserver.org/articles/ISA2004_ClientAutoConfig.html:
read my friend! read !
there are many articles arround here!
But if you think it works like how you've set it then.....!
< Message edited by adrian_dimcev -- 8.Oct.2006 9:17:42 AM >
|
|
|
|
|
RE: 2 Nics, no internet access.. help - 8.Oct.2006 9:39:50 AM
|
|
|
Guest
|
Yep!
put on DC/DNS/DHCP: DG: 192.168.0.1, DNS: 192.168.0.10 + ISPs as Forwarders.
leave the dhcp for a while and try to configure your clients manually just tu make sute everything is working.
|
|
|
|
|
RE: 2 Nics, no internet access.. help - 8.Oct.2006 9:53:44 AM
|
|
|
Guest
|
You configure DNS Forwarders in the DNS console of your server.
|
|
|
|
|
RE: 2 Nics, no internet access.. help - 20.Oct.2006 6:19:01 AM
|
|
|
MickX
Posts: 9
Joined: 8.Oct.2006
Status: offline
|
Oke. it is working. But it takes lang before an internet page is loaded (around 3 / 4 seconds)
Without the ISA server, it is loaded in 1 or 2 seconds.
What are the minimumspecs for the ISA 2004 server?
I'm using a Pentium 3, 866mhz with 640MBRam.
Greetz.
|
|
|
|
|
RE: 2 Nics, no internet access.. help - 20.Oct.2006 7:00:24 AM
|
|
|
MickX
Posts: 9
Joined: 8.Oct.2006
Status: offline
|
thanks!!
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
