Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Ping Problems
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Ping Problems - 30.Sep.2004 6:04:00 PM
|
|
|
Zarethustra
Posts: 4
Joined: 30.Sep.2004
Status: offline
|
I am testing ISA 2004 in a lab and have, what I think, should be a simple question.
I want to allow pings through the external interface to hosts on the internal interface. I have created a ping rule with the above parameters and it does not work. If I check the logs I see ping blocked by a blank rule.
Any ideas ?
If you have a base configuration that allows this, I am willing to start from scratch and try it.
|
|
|
|
|
RE: Ping Problems - 30.Sep.2004 6:39:00 PM
|
|
|
AbqBill
Posts: 478
Joined: 3.Jun.2003
From: Albuquerque NM USA
Status: offline
|
Hi,
Is your ISA Server external interface an Internet address? Do your internal machines use private addressing? If so, then pings won't work anyway, because private addresses are not routable on the Internet.
HTH,
Bill
|
|
|
|
|
RE: Ping Problems - 30.Sep.2004 6:54:00 PM
|
|
|
Zarethustra
Posts: 4
Joined: 30.Sep.2004
Status: offline
|
Hi Bill,
Good answer, I couldn't see the forest for the trees. Because IĈm using a lab environment, IĈm doing custom routing to get to the private addresses, and surprisingly, my router knows how to find the private machines. I assumed it was an issue with firewall rules, especially with the log showing a blank rule. I think it should log something about denying non-routable ip or something to that tune.
Right before I read your post, It occurred to me to look at the routing and so I switched from NAT to route and it worked.
Thanks for you help.
FCC
|
|
|
|
|
RE: Ping Problems - 30.Sep.2004 11:11:00 PM
|
|
|
AbqBill
Posts: 478
Joined: 3.Jun.2003
From: Albuquerque NM USA
Status: offline
|
Hi,
Yes -- the ability to disable NAT is a welcome feature of 2004 (the inability to do so was one of my pet peeves of the 2000 version).
Glad to have helped, and thanks for the follow-up.
Thanks,
Bill
|
|
|
|
|
RE: Ping Problems - 4.Oct.2004 2:05:00 PM
|
|
|
olafo
Posts: 56
Joined: 12.Aug.2004
From: Bilbao
Status: offline
|
Ok. Changing NAT by Route work fine, but what's happen if i want use route?
I use route because in the external interface of ISA is connected a Cisco Router that only responds to external interface of ISA. I need to do NAT so. The Cisco Router does NAT to transform Private IP in public IP.
Why not work ping with NAT?
The servers in DMZ cannot access to internet if i not configure proxy. I permit access from External to DMZ doing route. And permit access from DMZ to External doing NAT. Only one of them work.
Any ideas?
Thanks.
|
|
|
|
|
RE: Ping Problems - 4.Oct.2004 5:14:00 PM
|
|
|
Zarethustra
Posts: 4
Joined: 30.Sep.2004
Status: offline
|
Can you draw a simple network diagram showing your set up ?
|
|
|
|
|
RE: Ping Problems - 5.Oct.2004 11:42:00 AM
|
|
|
olafo
Posts: 56
Joined: 12.Aug.2004
From: Bilbao
Status: offline
|
Router
|
|
|
Internal---I S A ------ DMZ
External --> DMZ (Route)
DMZ --> External (NAT)
Access Rules
Permit HTTP,HTTPS,Ping,.. External -- > DMZ All
Permit HTTP,HTTPS,Ping,... DMZ --> External All
Well, only one of these configurations work, the first.
If i change the order of Network Rules, the first work, but not the second.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
