Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
No connectivity via SecureNAT, Firewall & Web Proxy OK
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
No connectivity via SecureNAT, Firewall & Web Proxy OK - 21.Jun.2006 8:06:54 PM
|
|
|
chris_c
Posts: 3
Joined: 21.Jun.2006
Status: offline
|
Hi there,
I'm not a Windows Admin by trade, but have found myself drawn into this GUI-tastic world because of some problems at the school where I'm currently doing some database work. They're running a Windows Server 2003/ISA Server 2000 setup which provides Firewall & Web Filtering (via Websense) for around 50 users.
Basically, they're having issues connecting one of the computers to an external Cisco VPN. Obvioulsy, the only way the Cisco software is going to work is if the PC in question is an ISA SecureNAT client - at the moment everyone in the school uses either the Web Proxy or Firewall client to connect.
Despite the fact that these two other options work without any problems, SecureNAT just isn't working. I've enabled IP Routing on the ISA server, created a 'full access' protocol rule, setup the client with the right gateway IP - but nothing /other/ than DNS resolution is working.
Internal connectivity is fine, but doing a tracert/ping/any type of connection to anything external doesn't return any sort of response. Nothing showing up in the event logs, nor in the packet filtering logs.
I'm back at home at the moment, and the only thing that I can think of is that perhaps there's some issue with the LAT? Should the external interface IP be in the LAT table? I have a feeling it is at the moment, and this would seem to be wrong - although surely this would prevent Proxy & Firewall clients connecting too?
One day's worth of accumulated knowledge about ISA server isn't all that much, so I'm probably missing something obvious. Would really appreciate it if someone could point out where I'm going wrong!
Thanks,
Chris.
|
|
|
|
|
RE: No connectivity via SecureNAT, Firewall & Web Proxy OK - 21.Jun.2006 8:21:24 PM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
Did you create an anonymous rule for this S-NAT client and are you sure authentication is not forced on the network rule? May of the 3rd part content filters take the lazy way out and force authentication on the network rule rather than per rule. The Network rule trumps access rules.
_____________________________
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
|
|
|
|
|
RE: No connectivity via SecureNAT, Firewall & Web Proxy OK - 21.Jun.2006 8:30:26 PM
|
|
|
chris_c
Posts: 3
Joined: 21.Jun.2006
Status: offline
|
Hi there,
Ah - this is along the lines of where I was thinking ust before I left. I had an anonymous rule in the sense that the rule was for 'All Users' IIRC - frustrating I'm not in front of the computer now to look at the exact setting, but I'm pretty sure it was as anonymous as I could make it is there any specific way of setting anonymous rules that wouldn't be obvious?
wrt third party content filters & authentication - wouldn't this also affect Firewall clients? Will certainly try disabling the filter tomorrow and see where it leads, though.
Thanks,
Chris.
|
|
|
|
|
RE: No connectivity via SecureNAT, Firewall & Web Proxy OK - 21.Jun.2006 8:34:41 PM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
Anonymous = All Users
Disabling 3rd party filters would not remove the required authentication on the network rule. You need to go into the network rule properties for that.
_____________________________
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
|
|
|
|
|
RE: No connectivity via SecureNAT, Firewall & Web Proxy OK - 22.Jun.2006 11:29:31 AM
|
|
|
chris_c
Posts: 3
Joined: 21.Jun.2006
Status: offline
|
Just a quick update - it was the fact that the external IP address was in the LAT that was causing the problems. Not quite sure how firewall & proxy clients were working mind you - but there you go!
Chris.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
