I have an ISA 2006 server which is a fresh install onto Windows 2003 Server SP2 32-bit. The server is not in production because it is not able to connect normal Windows clients (XP) to the internet via HTTP.
I can see on the Logging tab that other protocols are working fine including HTTPS - when I type https://mail.yahoo.com into the browser on a client machine it connects without any issue, but whenever I try ANY standard http connection it fails.
I am able to successfully perform nslookup commands on any external (and internal) address so it's not a name resolution issue. I am also able to run the "telnet www.google.com 80" command successfully on the ISA server.
The clients are configured to use the standard port 8080 to connect to the ISA server; it just seems that the ISA server is not able to translate the HTTP traffic correctly.
Any suggestions would be greatly appreciated as we are currently running on ISA 2000 and desperately want to migrate to the newer version.
There are two rules on the ISA server - the first rule is to Allow > All Outbound traffic > from Local Host and Internal (which includes all internal IP addresses) > to External > all content types > Always > All Users. The second rule is the default deny all.
I've tried a specific host rule from my test PC which just allows HTTP to External and I still cannot get access.
The server has two NICs; one external and one internal.
The NICs are configured like the article except for two things - I've put DNS entries on both the interfaces and I've not disabled NetBIOS over the External interface. These two settings can easily be changed and I'll be able to test when I have an outage window this evening.
DNS should only exist on the internal adapter and your internal DNS should be configured with forwarders. The NetBIOS disable is just part of the recommended NIC hardening and shouldn't affect anything outbound.
Can you check to ensure your HTTP protocol has not had the Web Proxy filter unbound?
The ISABPA is a great tool to find certain issues in the setup. Did you add the DNS protocol to the Array access rule for your Internet connection? I had a similar issue in my first attempt at the live configuration. Adding DNS, HTTP(s), FTP to the internet access array rule allowed local DNS to interpret web traffic.
Thanks for the advice - yes I did allow DNS, in fact I became so frustrated that I changed the rule to allow all protocols and I was able to see the DNS requests on port 53 going to external destinations.
Hi Paulo, the ISA server is now working. The issue was that the ISP have an upstream proxy and our HTTP traffic was being blocked by them. I phoned them on a number of occasions and only today did they mention that they had the upstream proxy in place.