
Welcome to ISAserver.org


DNS being blocked

DNS being blocked - 9.May2007 1:51:46 PM   


Posts: 2
Joined: 9.May2007
Status: offline

I just recently did a cutover from an older server with ISA 2004 to a new box running VMware; one of the VMs is a 2003 R2 Server with ISA 2006 (standard edition) on it with two virtual NICs.  The NICs are bound to the correct internal and perimeter NICs on the host machine.  It's set up as a back end firewall, but I'm having some flaky results.  No matter what specific rule sets I do to allow this or all traffic from network to network or network to IP or whatever combination, DNS is denied as seen in logging.  I've also checked, double checked and even changed the System Policy regarding DNS, and in the end I just put it back how it was because it failed to help.  I've never had these kinds of problems with 2004, and what I'm trying to do is simply get to the internet.  If I use http://ipaddress from the internal it works fine.  I'm having similar issues with other ports and protocols as well, but this one has the most impact.  I can send ruleset exports or answer any questions, but I just don't know why it's doing this.  I tried to "repair" it, but that didn't help anything.  It's a fresh install done a couple of days ago.  Also, the internal clients are SecureNAT clients.  Any help would be much appreciated.

Thanks in Advance,

Post #: 1
RE: DNS being blocked - 10.May2007 1:30:32 PM   


Posts: 2
Joined: 9.May2007
Status: offline
OK, figured it out.  When initially setting ISA up and choosing the "network template", though I selected back end firewall, the wizard didn't have me define a perimeter network or DMZ, so I added and defined the subnets for it myself.  After that I just went right to creating the rule sets, and I was having sporadic results.  I started over today, and when I started from a default setup, internal\external without the perimeter, everything worked fine, and when I added the perimeter it went back to not working, so I looked at the Network Rules and noticed that the default "internet access" NAT rule was incorrectly defined and didn't update from when I went through the wizard for a back end firewall.  I simply added the new "perimeter" network to the destination side, and everything started flowing.  Though the back end firewall is exactly what I have, it seems that I should have used the 3-Leg Perimeter template.


(in reply to jansenet)
Post #: 2
