Welcome to ISAserver.org


Configuration problem ..

Configuration problem .. - 30.Oct.2006 8:40:42 AM   
adgroup

 

hi

My scenario is as under.
I have ISA 2004 with SP2 on Windows 2003 with SP1. Clients are a mixed environment of Windows XP and Windows 2003. Network settings are as under.

IP SETTINGS.
DSL ROUTER (LAN IP) = 192.168.0.17
DSL ROUTER EXTERNAL = 202.147.175.145

DOMAIN CONTROLLER (1ST IP) = 10.1.1.1
DOMAIN CONTROLLER (2ND IP) =  192.168.0.150
DOMAIN CONTROLLER DEFAULT GATEWAY = 192.168.0.17
DNS IP ADDRESS = 10.1.1.1    (LOCAL DNS ADS INTEGRATED ZONE)
ALTERNATE DNS = 10.1.1.2    (SAME AS ABOVE)

BACKUP DOMAIN CONTROLLER (1ST IP) = 10.1.1.2
BACKUP DOMAIN CONTROLLER (2ND IP) = 192.168.0.151
DEFAULT GATEWAY = 192.168.0.17
DNS IP ADDRESS = 10.1.1.1   (LOCAL DNS ADS INTEGRATED ZONE)
ALTERNATE DNS IP ADDRESS = 10.1.1.2   (SAME AS ABOVE).

ISA SERVER LAN IP SETTINGS
Ip address = 10.1.1.3
Default Gateway = none
Primary dns = 10.1.1.1
Alternate Dns = 10.1.1.2

ISA SERVER 2ND NIC IP SETTINGS.
Ip address = 192.168.0.16
Default settings = 192.168.0.17      (Ip address of DSL Router)

Note*
In DNS I have enabled a forwarder to the ISP DNS servers.

I just want to know: are the above-mentioned settings OK?

I don't know why I gave the 2nd IP addresses to the PDC and DC, but without this my Internet is not working. Also, if I give the LAN IP of the ISA server as the default gateway of the PDC & BDC, then my Internet is also not working. So for Internet I have added the 2nd IP addresses on the PDC & BDC and added the DSL router IP address as the default gateway of the PDC and BDC.

But now YAHOO MESSENGER is not working for USER ABC,
although I have created a rule for Yahoo Messenger:
Allow HTTP, HTTPS from internal to external to all users except ABC.
Then in CONFIGURE HTTP I have added the Yahoo Messenger signature.
Then I created a rule to allow HTTP, HTTPS from internal to external to ABC.

But it is still not working..

Any Help

ADgroup

Post #: 1
RE: Configuration problem .. - 30.Oct.2006 10:36:04 AM   
edv@aerotec.de

 

What are the settings for the clients (default gateway, proxy) ?

You don't need the second net (192.168.0.X) to be configured at the DCs, otherwise something's totally wrong.....let's see what.

Regards, edv

< Message edited by edv@aerotec.de -- 30.Oct.2006 10:42:12 AM >

(in reply to adgroup)
Post #: 2
RE: Configuration problem .. - 30.Oct.2006 12:26:57 PM   
JCUEVAS

 

Hi

Do you have ISA Server with transparent proxy, or do you have proxy settings in IE?

You don't need the second NIC in your PDC and DC, because you are exposing your network to the Internet, and this is a security risk for your network.

I think that you can use the proxy settings in Internet Explorer (IE).
Create OUs in Active Directory and apply a GPO with the proxy settings.

Never expose your network to the Internet...

Regards,


_____________________________

DCSE, MCSE+Security, CCNA, Security+

(in reply to adgroup)
Post #: 3
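
Added example, not part of any post in this thread: a Python check of the addressing from the first post that flags any host other than ISA with an address or default gateway on the DSL router's segment, which is the exposure described in the reply above. The subnet masks come from the later post; the dict layout and finding names are assumptions made for this example.

```python
import ipaddress

# Subnets taken from the masks posted in the thread (255.0.0.0 and 255.255.255.0).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
ROUTER_LAN = ipaddress.ip_network("192.168.0.0/24")  # segment between ISA and the DSL router

# Addressing from the first post, typed into a dict for this example.
POSTED = {
    "PDC": {"ips": ["10.1.1.1", "192.168.0.150"], "gateway": "192.168.0.17"},
    "BDC": {"ips": ["10.1.1.2", "192.168.0.151"], "gateway": "192.168.0.17"},
    "ISA": {"ips": ["10.1.1.3", "192.168.0.16"], "gateway": "192.168.0.17"},
}
# Single-homed layout from the later post (DCs on 10.x only, no default gateway);
# the ISA external gateway is the router address given in the first post.
SINGLE_HOMED = {
    "PDC": {"ips": ["10.1.1.1"], "gateway": None},
    "BDC": {"ips": ["10.1.1.2"], "gateway": None},
    "ISA": {"ips": ["10.1.1.3", "192.168.0.16"], "gateway": "192.168.0.17"},
}

def audit(hosts, firewall="ISA"):
    """Return (host, finding) pairs for paths that go around the firewall."""
    findings = []
    for name, cfg in hosts.items():
        addrs = [ipaddress.ip_address(a) for a in cfg["ips"]]
        gw = ipaddress.ip_address(cfg["gateway"]) if cfg["gateway"] else None
        outside = [a for a in addrs if a in ROUTER_LAN]
        if name == firewall:
            # The firewall is the one host that must sit on both segments,
            # with its default gateway pointing at the router.
            if not outside or not any(a in INTERNAL for a in addrs):
                findings.append((name, "firewall-not-dual-homed"))
            if gw is None or gw not in ROUTER_LAN:
                findings.append((name, "firewall-gateway-not-router"))
            continue
        if outside:
            # An internal host with a leg on the router segment is reachable
            # without passing through ISA.
            findings.append((name, "address-on-router-segment"))
        if gw is not None and gw not in INTERNAL:
            # Outbound traffic from this host leaves via the router directly.
            findings.append((name, "gateway-bypasses-firewall"))
    return findings

if __name__ == "__main__":
    for label, layout in (("posted", POSTED), ("single-homed", SINGLE_HOMED)):
        print(label, audit(layout))
```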
RE: Configuration problem .. - 31.Oct.2006 1:34:07 AM   
adgroup

 

hi
Thanks for your reply ...
Firewall clients are installed on all client computers. Internet Explorer LAN settings are configured to use the ISA server with port 8080.

OK, if I remove the 192.168.0.X IP addresses from the PDC & BDC, and remove the default gateway address (192.168.0.17), which is the IP address of the DSL router, then Internet browsing stops.

Can anyone guide me through the procedure for configuring the network for ISA 2004? The scenario is as under.

PDC
ip = 10.1.1.1
SM = 255.0.0.0
Dns = 10.1.1.1
Alternate Dns = 10.1.1.2
BDC
Ip = 10.1.1.2
SM = 255.0.0.0
Dns = 10.1.1.1
Alternate Dns = 10.1.1.2

ISA
LAN IP = 10.1.1.3
Sm = 255.0.0.0
DNS = 10.1.1.1
Alternate DNS = 10.1.1.2

ISA
2ND NIC IP ADDRESS
IP = 192.168.0.16
SM = 255.255.255.0

DSL Router IP Address
IP = 192.168.0.17
SM = 255.255.255.0

The DSL router is connected to a network switch; the PDC, BDC and ISA Server are also connected to that switch.

Adgroup

(in reply to JCUEVAS)
Post #: 4
RE: Configuration problem .. - 31.Oct.2006 4:20:47 AM   
edv@aerotec.de

 

OK, those seem to be the right settings for your network. Now configure your ISA server as an edge firewall.

Any questions on how to do this?

Regards,
edv

(in reply to adgroup)
Post #: 5
RE: Configuration problem .. - 31.Oct.2006 8:30:18 AM   
adgroup

 

Thanks for your response ..

In a test environment, I have created a test PDC and a test ISA Server. But I am still unable to connect Yahoo Messenger and Microsoft Outlook.

PDC
IP address = 10.1.1.5
SM = 255.0.0.0
Default Gateway = NONE
DNS = 10.1.1.5

ISA
LAN NIC SETTING
IP address = 10.1.1.6
SM = 255.0.0.0
Default Gateway = None
DNS = 10.1.1.5

2ND NIC SETTING
IP address = 192.168.0.14
SM = 255.255.255.0
Default Gateway = 192.168.0.17
Primary DNS = ISP DNS SERVER
Alternate DNS = ISP DNS SERVER.

Note*
Now I do not add the forwarder on the PDC (DNS SERVER), because the Internet is not working if I do that. That's why I added the ISP DNS SERVER on the 2nd NIC. Now the Internet is working.

In ISA 2004, I created EDGE FIREWALL settings. The Internet is working fine but Yahoo Messenger is not working.
Then I allowed all protocols from internal to external to all users, but Yahoo Messenger is still not working.

Waiting for urgent help .....

Adgroup

(in reply to edv@aerotec.de)
Post #: 6
RE: Configuration problem .. - 1.Nov.2006 6:24:03 AM   
edv@aerotec.de

 

I'm not familiar with Yahoo Messenger, but the first idea I'd have is to check the Windows XP firewall settings and make sure that no incoming traffic is blocked.

Have you checked using the monitoring tab in ISA?

Besides: it's no problem to add the ISP's DNS server to the external NIC of ISA, but usually it's the router that should deliver these addresses to the ISA's NIC... In my scenario, I have configured the router to act as a DHCP server and set up a reservation for the MAC address of ISA's external NIC. Then configure the external NIC to use DHCP for both IP address and name servers. This way the router always serves the same IP for the external NIC and delivers the IPs of the DNS servers.

(in reply to adgroup)
Post #: 7
