I just recently did a cutover from an older server with ISA 2004 to a new box running VMWare, one of the VM's is a 2003 R2 Server with ISA 2006 (standard edition) on it with two virtual NIC's. The NIC's bound to the correct internal and perimiter NIC's on the host machine. It's set up as a back end firewall, but I'm having some flakey results. No matter what specific rule sets I doto allow this or all traffic from network to network or network to IP or whatever combination, DNS is denied as seen in logging. I've also checked, double checked and even changed the System Policy regarding DNS, and in the end I just put it back how it was because it failed to help. I've never had these kinds of problems with 2004, and what I'm trying to do is simply get to the internet. If I use http://ipaddress from the internal it works fine. I'm having similar issues with other ports and protocols as well, but this one has the most impact. I can send ruleset exports or answer any questions, but I just don't know why it's doing this. I tried to "repair" it, but that didn't help anything. It's a fresh install done a couple of days ago. Also, the internal clients are SecureNAT clients. Any help would be much appreciated.
OK, figured it out. When initially setting ISA up and choosing the "network template", though I selected back end firewall, the wizard didn't have me define a perimeter network or DMZ, so I added and defined the subnets for it myself. After that I just went right to creating the rule sets, and I was having sporatic results. I started over today and when I started with from a default setup, internal\external without the perimeter everything worked fine, and when I added the perimeter it went back to not working, so I looked at the Network Rules and noticed that the default "internet access" NAT rule was incorrectly defined and didn't update from when I went through the wizard for a back end firewall. I simply added the new "perimeter" network to the destination side, and everything started flowing. Though the back end firewall is exactly what I have, it seems that I should have used the 3-Leg Perimeter template.
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Printable Version
All Forums >> [ISA 2006 Firewall] >> General >> DNS being blocked 
DNS being blocked - 
Though the back end firewall is exactly what I have, it seems that I should have used the 3-Leg Perimeter template. 
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread