SNAT's can't access the web

SNAT's can't access the web - 7.Jan.2004 4:54:00 PM   
cjennings

 

Posts: 10
Joined: 23.Mar.2003
From: Kent, UK
Status: offline
My SNAT clients can't access the web. I have fully configured all protocol rules, packet filters etc. I have enabled IP Routing.

The SNATs can successfully resolve domain names through nslookup. However, they can't ping them?

If I configure the client to access via the proxy or firewall client they can successfully access the web.

Is this an ISA issue or is there something in Win 2003 Server that can cause this?

Can anyone help me on this? Very confused!

Many Thanks
Cameron
Post #: 1
RE: SNAT's can't access the web - 7.Jan.2004 10:11:00 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Cameron,

if you try to access the Web from a SecureNAT only configuration, do you see the requests in the Firewall log?

If not, please post the result of the following commands:
- ipconfig /all on ISA
- route print
- the content of the LAT on ISA
- ipconfig /all on a SecureNAT client

HTH,
Stefaan

(in reply to cjennings)
Post #: 2
RE: SNAT's can't access the web - 8.Jan.2004 11:12:00 AM   
cjennings

 

Posts: 10
Joined: 23.Mar.2003
From: Kent, UK
Status: offline
Stefaan

The requests do not seem to be appearing. Below is the requested info:

IPCONFIG (SERVER):
Windows IP Configuration

Host Name . . . . . . . . . . . . : SERVER
Primary Dns Suffix . . . . . . . : studio.ttp.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : studio.ttp.com
ttp.com

Ethernet adapter InternalNic1:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet
NIC #2
Physical Address. . . . . . . . . : 00-0B-2B-04-56-7F
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 127.0.0.1
Primary WINS Server . . . . . . . : 127.0.0.1

PPP adapter BTO:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 81.130.99.25
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 81.130.99.25
DNS Servers . . . . . . . . . . . : 213.120.62.97
213.120.62.98

Ethernet adapter InternalNIC4:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet
NIC
Physical Address. . . . . . . . . : 00-50-FC-86-52-F8
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 127.0.0.1

ROUTE PRINT:
IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 0b 2b 04 56 7f ...... Realtek RTL8139 Family PCI Fast Ethernet NIC
#2
0x20005 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x30004 ...00 50 fc 86 52 f8 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC

===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 81.130.99.25 81.130.99.25 1
81.130.99.25 255.255.255.255 127.0.0.1 127.0.0.1 50
81.255.255.255 255.255.255.255 81.130.99.25 81.130.99.25 50
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.1 192.168.0.1 20
192.168.0.0 255.255.255.0 192.168.0.3 192.168.0.3 20
192.168.0.1 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.3 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.1 192.168.0.1 20
192.168.0.255 255.255.255.255 192.168.0.3 192.168.0.3 20
217.35.197.72 255.255.255.255 81.130.99.25 81.130.99.25 1
224.0.0.0 240.0.0.0 192.168.0.1 192.168.0.1 20
224.0.0.0 240.0.0.0 192.168.0.3 192.168.0.3 20
224.0.0.0 240.0.0.0 81.130.99.25 81.130.99.25 1
255.255.255.255 255.255.255.255 192.168.0.1 192.168.0.1 1
255.255.255.255 255.255.255.255 192.168.0.3 192.168.0.3 1
Default Gateway: 81.130.99.25
===========================================================================
Persistent Routes:
None

LAT TABLE:

10.0.0.0 to 10.255.255.255
192.168.0.0 to 192.168.0.255
192.168.0.0 to 192.168.255.255

IPCONFIG SecureNAT Client:

Windows IP Configuration

Host Name . . . . . . . . . . . . : wks2
Primary Dns Suffix . . . . . . . : studio.ttp.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : studio.ttp.com
ttp.com

Ethernet adapter LAN:

Connection-specific DNS Suffix . : studio.ttp.com
Description . . . . . . . . . . . : ADMtek AN983 based ethernet adapter
#2
Physical Address. . . . . . . . . : 00-10-A7-17-8C-6E
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.17
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
192.168.0.4
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.4
192.168.0.1
Primary WINS Server . . . . . . . : 192.168.0.1
Secondary WINS Server . . . . . . : 192.168.0.4
Lease Obtained. . . . . . . . . . : 05 January 2004 07:45:11
Lease Expires . . . . . . . . . . : 13 January 2004 07:45:11

Really could do with some help here. Many thanks

cameron

(in reply to cjennings)
Post #: 3
RE: SNAT's can't access the web - 8.Jan.2004 5:07:00 PM   
cjennings

 

Posts: 10
Joined: 23.Mar.2003
From: Kent, UK
Status: offline
I seem to have resolved the main part of this issue. I had simply forgotten to check the "Use Dial Up Entry" option. More information in this article:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;283635

However, I am now receiving 403 forbidden on all URLs.

Cameron

(in reply to cjennings)
Post #: 4
RE: SNAT's can't access the web - 8.Jan.2004 10:04:00 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Cameron,

yes, if you use a dial-up connection for the external interface, you should check out both:
- http://support.microsoft.com/default.aspx?scid=kb;EN-US;283635
- http://support.microsoft.com/?scid=kb;en-us;296534

Looking into the posted information, I'm somewhat confused about the results:

1) internal host: why do you have two default gateways?

2) LAT on the ISA server: the LAT should only contain your internal IP range. Nothing more, nothing less.

3) do you have two internal interfaces on the same subnet? That's really weird!

HTH,
Stefaan

(in reply to cjennings)
Post #: 5
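
The three points raised in post #5 (two default gateways on the client, LAT entries wider than the internal range, two internal adapters on one subnet) can be checked mechanically against the output posted in post #3. This is an added example, not part of the original thread: the addresses are copied from that output, and the function names `nic_subnets` and `audit` are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Values copied from the ipconfig /all and LAT output posted in this thread.
INTERNAL_NICS = {
    "InternalNic1": ("192.168.0.1", "255.255.255.0"),
    "InternalNIC4": ("192.168.0.3", "255.255.255.0"),
}
LAT = [
    ("10.0.0.0", "10.255.255.255"),
    ("192.168.0.0", "192.168.0.255"),
    ("192.168.0.0", "192.168.255.255"),
]
CLIENT_GATEWAYS = ["192.168.0.1", "192.168.0.4"]


def nic_subnets(nics):
    """Map each internal subnet to the adapters that sit on it."""
    subnets = defaultdict(list)
    for name, (addr, mask) in nics.items():
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        subnets[net].append(name)
    return dict(subnets)


def audit(nics, lat, gateways):
    """Return one finding per problem; an empty list means a clean config."""
    findings = []
    subnets = nic_subnets(nics)
    if len(gateways) > 1:
        findings.append(f"client has {len(gateways)} default gateways: {gateways}")
    for net, names in subnets.items():
        if len(names) > 1:
            findings.append(f"adapters {names} share subnet {net}")
    for first, last in lat:
        blocks = ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last))
        # A LAT range passes only if every block lies inside an internal subnet.
        if not all(any(b.subnet_of(s) for s in subnets) for b in blocks):
            findings.append(f"LAT range {first}-{last} is not contained in an internal subnet")
    return findings


if __name__ == "__main__":
    for line in audit(INTERNAL_NICS, LAT, CLIENT_GATEWAYS):
        print(line)
```

With the posted values this reports four findings; only the 192.168.0.0 to 192.168.0.255 LAT entry matches the internal subnet.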
RE: SNAT's can't access the web - 9.Jan.2004 9:43:00 AM   
cjennings

 

Posts: 10
Joined: 23.Mar.2003
From: Kent, UK
Status: offline
Stefaan

It's all working now. I cleaned up the LAT table to just my IP range.

The 2nd adapter is a long story! It was a quick fix to an intermittent switch problem. As soon as the new one arrives I can unplug it.

Many thanks for your help. ISA is always fun to work with :-)

Cameron

(in reply to cjennings)
Post #: 6
RE: SNAT's can't access the web - 9.Jan.2004 10:03:00 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Cameron,

glad to hear you got it working and thanks for the follow up! [Smile]

Stefaan

(in reply to cjennings)
Post #: 7
