I've spent a lot of time on this. It's not my forte, I just need it to work. If anyone is skilled and willing to assist to resolution, I will pay an agreed hourly rate.
Configuration

I have a hardware router connected to internet
internal address: 192.168.0.1
subnet: 255.255.255.0

Connected to the hardware router I have an ISA Server with two network cards:
static 192.168.0.254 connected to hardware router, subnet 255.255.255.0, default gateway 192.168.0.1
static 192.168.1.1 for internal network, subnet 255.255.255.0, default gateway 192.168.0.1
First major issue, is the ISA Server an Edge Firewall or a Back Firewall?
Any problems with the network settings?
This server is also running DNS, DHCP, Domain Controller. I added Access rules to allow serving of DHCP requests/replies and DNS requests. Clients are allocated addresses in 192.168.1.1-192.168.1.255 range. It is also running file sharing, for which I cannot find an appropriate Access Rule.
Next major issue, no web access.
Occasionally a web request does get serviced but it is rare and thereafter:
Error Code: 500 Internal Server Error. The host server is unreachable. (10065)
There is a rule in place to allow HTTP/HTTPS/FTP requests to pass to external network.
In the Monitoring section there is a regular alert:
Routing (chaining) failure Description: ISA Server detected a proxy server loop. There may be a problem in the configuration of the ISA Server Web chaining policy. Alternatively, in Enterprise Edition, when CARP is enabled and there are intermittent interruptions of intra-array connectivity, array member A may forward a request to array member B according to the CARP algorithm, and array member B may forward the request to array member A in an endless loop.
I also want some form of content filtering but I believe there is nothing free like DansGuardian available for ISA Server.
quote:
ORIGINAL: g_hickley I've spent a lot of time on this. It's not my forte, I just need it to work. If anyone is skilled and willing to assist to resolution, I will pay an agreed hourly rate.
I am probably nowhere near you geographically.
quote:
Configuration

I have a hardware router connected to internet
internal address: 192.168.0.1
subnet: 255.255.255.0

Connected to the hardware router I have an ISA Server with two network cards:
static 192.168.0.254 connected to hardware router, subnet 255.255.255.0, default gateway 192.168.0.1
static 192.168.1.1 for internal network, subnet 255.255.255.0, default gateway 192.168.0.1
First major issue, is the ISA Server an Edge Firewall or a Back Firewall?
Back Firewall. The "router" is not a real router, it is functionally a NAT Firewall, so it is the Front Firewall. It doesn't matter to ISA, it works the same as Edge.
quote:
Any problems with the network settings?
Yes.
1. The internal NIC is not supposed to have a default gateway.
2. Even if it could have a Default Gateway, you gave it an invalid one. Default Gateways must be in the same subnet of the NIC they are assigned to. But, the internal NIC is not supposed to have one anyway.
quote:
This server is also running DNS, DHCP, Domain Controller. I added Access rules to allow serving of DHCP requests/replies and DNS requests. Clients are allocated addresses in 192.168.1.1-192.168.1.255 range. It is also running file sharing, for which I cannot find an appropriate Access Rule.
1. ISA should be on a machine by itself (except SBS installations).
2. DCs should never be multi-homed.
3. DHCP and DNS should be on the DC, they should not be on an ISA Server.
Although I'll admit it is a personal choice of mine, I would not even be willing to work on a machine like that. Too complex, too unstable, too difficult to troubleshoot, it just isn't worth it. An SBS installation would be an exception, but even then I am still a little reluctant to mess with SBS and would rather leave that to those who specialize in SBS, or work side-by-side with someone who specialized in SBS.
quote:
Next major issue, no web access. ...........
Routing (chaining) failure
I'm pretty sure it is all related to the above, but I wouldn't know where to start, short of yanking ISA off that box and putting it on its own box.
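
The two NIC rules from the reply above (no default gateway on the internal NIC, and a default gateway must sit in the same subnet as its NIC), checked against the addresses in the original post. This is an added example, not part of either post; the NIC labels "external" and "internal" and the function names are assumptions made here.

```python
import ipaddress

# NIC settings as given in the original post; the "name" labels are added here.
NICS = [
    {"name": "external", "ip": "192.168.0.254", "mask": "255.255.255.0",
     "gateway": "192.168.0.1"},
    {"name": "internal", "ip": "192.168.1.1", "mask": "255.255.255.0",
     "gateway": "192.168.0.1"},
]


def check_nics(nics, internal_names=("internal",)):
    """Return (nic_name, problem) tuples for the two rules stated in the reply."""
    problems = []
    for nic in nics:
        gw = nic.get("gateway")
        if not gw:
            continue  # no default gateway set, nothing to check
        iface = ipaddress.ip_interface(f"{nic['ip']}/{nic['mask']}")
        # Rule 1: the internal NIC is not supposed to have a default gateway.
        if nic["name"] in internal_names:
            problems.append((nic["name"], "internal NIC has a default gateway"))
        # Rule 2: a default gateway must be in the same subnet as its NIC.
        if ipaddress.ip_address(gw) not in iface.network:
            problems.append(
                (nic["name"], f"gateway {gw} is outside {iface.network}"))
    return problems


def corrected(nics, internal_names=("internal",)):
    """Copy of the configuration with the gateway cleared on internal NICs."""
    return [dict(n, gateway=None) if n["name"] in internal_names else dict(n)
            for n in nics]


if __name__ == "__main__":
    for name, problem in check_nics(NICS):
        print(f"{name}: {problem}")
    print("after fix:", check_nics(corrected(NICS)) or "no problems")
```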