I am plagued with problems at the moment trying to get dataflow through my ISA server to the internet. I have set up a server running Windows 2000 with ISA. I have included a basic diagram denoting the WAN / LAN setup (-> means 'goes to').
I have set up the LAT to be 192.168.0.1 - 192.168.0.198.
I had it running successfully this morning & received internet access through all the PCs on the network (I have installed the ISA client on each PC & have at this stage set up a single Protocol rule stating all outbound access is allowed at any stage).
I then restarted the 2000 Server machine & now I cannot get any dataflow through the NIC going to the ADSL Router. The router is not set as a DHCP server, so it can't be that playing with the settings. I have spoken with some colleagues & they all come out with different answers as to what (if any) the Gateway settings for each NIC need to be.
It is almost like the network card drivers for the NIC going to the ADSL router are corrupted but I have removed & re-installed them to no avail.
You seem to have a couple of configuration problems!
First of all, the internal and external interface of ISA server *must* be on different Network IDs (or subnets if you like). In your case the internal and external interface belong to the Network ID 192.168.0.0/24.
Secondly, I see that the default gateway on your internal hosts points to '192.168.0.74' and that's *not* the ISA internal interface (nic2)! So, you should fix that too.
Thanks for the quick reply Stefaan,
I guess my question is then this:
My router (A Billion 741GE) only has the ability to forward ports on the same IP range as the WAN. For example, I had it previously set up as:
WAN IP Range (ADSL Router & 2000 Server): 10.0.0.*
LAN IP Range (PDC & other internal PCs): 192.168.0.*
Having it set up this way meant I had absolutely no issues with DNS resolution & access to my domain & the internet. But there was one big problem that I am not sure is resolvable.
I wanted to forward ports from the ADSL Router to my internal network, but the modem only gives the option to forward ports on the same IP range. Because my ADSL Router was set up in the 10.0.0.* range, I could only forward to those ports, not to the IP range of my internal network.
Is there a way to do this with ISA? I apologise if my explanation isn't clear!
If I understand your question correctly, you want to allow inbound traffic to some internal hosts for some particular services. In ISA terminology that's called web and server publishing. For more info I suggest you check out the ISA help file first.
Keep in mind that you have to publish a particular service (i.e. SMTP, FTP, WWW) running on an internal host and you can't publish an internal host as such (all possible services).
I'm sorry, but I think that your configuration is still not valid. Assuming your ISA internal IP is 192.168.1.1 with subnet mask 255.255.255.0, then your ISA external interface still belongs to the same Network ID. Keep in mind that the internal and external interface of ISA server *must* be on different Network IDs (or subnets if you like).
Hi again Stefaan,
It seems to be working though! I go to GRC.com & try ShieldsUP on various ports etc & it all seems to be in stealth mode. I can also access web pages etc with no issues, as I set up an all outbound allow rule under protocol rules.
I can only tell you that, as long as the internal and external interface of ISA server are not on different Network IDs (or subnets), your basic ISA configuration is invalid! So, I suggest you fix that first.
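
The two rules stated in the replies above (separate Network IDs for the two interfaces, and the internal hosts' gateway pointing at the ISA internal interface) can be checked mechanically. The Python script below is an added example and not part of any post in this thread; the function name and the interface addresses are constructed for illustration, and only the LAT range, the 192.168.0.74 gateway and the 10.0.0.* range are taken from the thread.

```python
import ipaddress as ip

def audit_addressing(internal_if, external_if, client_gateway, lat_start, lat_end):
    """Return findings for a dual-homed ISA server's addressing plan.
    Interfaces are 'address/prefix' strings; the LAT is its first and last address."""
    inside, outside = ip.ip_interface(internal_if), ip.ip_interface(external_if)
    findings = []

    # Rule from the thread: internal and external NICs need different network IDs.
    if inside.network.overlaps(outside.network):
        findings.append(f"both interfaces are on {inside.network}")

    # Rule from the thread: internal hosts must use the ISA internal NIC as gateway.
    if ip.ip_address(client_gateway) != inside.ip:
        findings.append(f"client gateway {client_gateway} is not the ISA "
                        f"internal interface {inside.ip}")

    # Added check: the LAT lists internal addresses, so it should cover the
    # internal NIC and must not cover the external one.
    first, last = ip.ip_address(lat_start), ip.ip_address(lat_end)
    if not first <= inside.ip <= last:
        findings.append(f"LAT does not include internal interface {inside.ip}")
    if first <= outside.ip <= last:
        findings.append(f"LAT includes external interface {outside.ip}")
    return findings

# Constructed sample plans: the interface addresses are assumptions, chosen so
# that BROKEN puts both NICs in 192.168.0.0/24 as described in the first reply.
BROKEN = dict(internal_if="192.168.0.1/24", external_if="192.168.0.200/24",
              client_gateway="192.168.0.74",
              lat_start="192.168.0.1", lat_end="192.168.0.198")
SEPARATED = dict(internal_if="192.168.0.1/24", external_if="10.0.0.2/24",
                 client_gateway="192.168.0.1",
                 lat_start="192.168.0.1", lat_end="192.168.0.198")

if __name__ == "__main__":
    for name, plan in (("broken", BROKEN), ("separated", SEPARATED)):
        print(name, audit_addressing(**plan) or "no findings")
```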