I have set up an ISA Server 2006 (ISA) on Win2003 SP1 with the Web Proxy (single network card) template. The sole purpose of this is to control Internet access times for different user groups. The edge of the LAN is protected by a PIX. Another server (XS) hosts Exchange Server 2003. This is dual homed and has one NIC connecting to the PIX and the other connected to the LAN. At present this server also runs NAT for the rest of the LAN. This works fine and I don't want to mess with it.
The ISA server has been given its default gateway as the internal IP address of XS. Logged in locally one can ping external networks and browse the web from ISA.
I have set up the default firewall rule denying all access from Internal to External. As a start I have configured a firewall rule which allows all users from Internal to access all networks in External at all times.
On a client browser (IE) I tick Automatically detect settings and point the proxy server to the address of ISA.
Nothing doing, the client won't connect. Once I can get this step OK I can configure more sensible rules then disable NAT on XS, but until I can I can't go any further. Grateful for ideas what's wrong.
Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi Bob,
When you install ISA as a single NIC, it does not have the concept of External Network, but Internal and LocalHost.
In your access rule you should specify Internal as source and destination. Also, you have to leave the IP ranges that ISA provided when choosing the Single-NIC template.
Thanks for your reply. Yes, I saw this TechNet article and tried it (though the concept of internal to internal didn't make much sense to me). Unfortunately I got exactly the same results: no throughput.
Hi Bob,
Glad it worked.
About ISA Networks model:
quote:
Multi-network firewall policy. In single network adapter mode, ISA Server recognizes itself (the Local Host network). Everything else is recognized as the Internal network. There is no concept of an External network. Microsoft Firewall service and application filters operate only in the context of the Local Host network. (ISA Server protects itself no matter what network template is applied.) Because the Firewall service and application filters operate in the context of the Local Host network, you can use access rules to allow non-Web protocols to the ISA Server computer itself.