Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
SecureNAT not Working
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
SecureNAT not Working - 22.Feb.2006 5:54:40 AM
|
|
|
TubigSuwah
Posts: 4
Joined: 22.Feb.2006
Status: offline
|
Need Help. ISA Server does'nt let traffic in using securenat even the client gateway is pointed to ISA server. What could be the problem. Have simulated same access policy in a vmware and it works but in ISA server would'nt. im using w2k3 sp1 and isa 2004 sp2. please help.
|
|
|
|
|
RE: SecureNAT not Working - 24.Feb.2006 2:30:46 AM
|
|
|
TubigSuwah
Posts: 4
Joined: 22.Feb.2006
Status: offline
|
No Error message, I could just see the session having a securenat but if you check it in the client can't access internet.
|
|
|
|
|
RE: SecureNAT not Working - 2.Mar.2006 11:20:42 AM
|
|
|
bjkhan
Posts: 2
Joined: 9.Jan.2003
From: Malaysia
Status: offline
|
Hi there,
I have the same problem also. I have configured the Internet access policy for the protocols that I want to allow. I got fedup, I even allow all outgoing traffic from that particular server, but still the same. I can see the machine being connected as SecureNAT client and there are no errors in the logs.
Ajmal
|
|
|
|
|
RE: SecureNAT not Working - 3.May2006 4:18:23 PM
|
|
|
h3b
Posts: 5
Joined: 3.May2006
From: The Netherlands
Status: offline
|
Tom,
I've got exactly the same problem here. I thought it could be the service pack level, but after upgrading to sp2' I still have the same problem.
I also tried the webproxy, but this also doesn't work. The only thing that seems to work is to setup a "ping <isaserver> -t"
After a while the connection is there (got a ping reply from the ISA server 2004 ) and browsing is no problem anymore. After this the webproxy also works.
Sometimes dis- and enabling the network card of the client seems to help. But I've also tried to figure out if the problem is solved when using static ip address or dhcp. This doesn't matter at all. In both situations I have the same problem.
The first rule is : Allow everything from internal network to external. The default "All users" are allowed. So no authenticated users are used here.
Everything worked the first 6 months without any problem, however the last few weeks we get the connection problems and it seems that every day it got worse.
All incoming traffic from internet (server rule:webmail,vpn,pop3 and smtp) works without any problem. The file and exchange server doesn't seem to be affected (I haven't restarted them yet....they work). Dns resolving works from the affected clients (eg. ping www.google.nl), but this is no surprise....the domain controllers are the dns servers and they have no problem so far. But the ping itself doesn't work. Do you have any idea what is happening here?
|
|
|
|
|
RE: SecureNAT not Working - 4.May2006 8:02:13 PM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi H,
You shouldn't be able to ping the ISA firewall. If you created a rule that allowed pings to the ISA firewall, then those should be disabled, as that's a significat security problem.
Does the Event Viewer provided any information?
Thanks!
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: SecureNAT not Working - 7.May2006 7:21:28 PM
|
|
|
h3b
Posts: 5
Joined: 3.May2006
From: The Netherlands
Status: offline
|
The ping to the isa server is only from the internal network. From the internet the isa server is not responding to ping. So this is not a problem from my point of view. It helped me though to pinpoint the problem. I've excluded the other servers/switches/clients etc... The problem lies in the isa server....but where??
The eventlog shows no errors what so ever.
Can't figure this one out.
< Message edited by h3b -- 7.May2006 7:24:35 PM >
|
|
|
|
|
RE: SecureNAT not Working - 9.May2006 11:12:15 AM
|
|
|
h3b
Posts: 5
Joined: 3.May2006
From: The Netherlands
Status: offline
|
Tom,
I think I figured this one out. After replacing the ISA 2004 server with a temporary installation on another server I discovered there where problems with the ip address being used (192.168.12.1) on the LAN adapter. While trying to configure the temporary server with the same address (the original isa server was already down) I got an ip conflict with this address. Strange at first. After checkings dns entries in the dns servers and flushing de local dns entries, result was zero. Than I tried to use the tool nmap to find out which device was causing this. There mac address which came back was from our telephone installation. Strange??!! Never had any problems here. I checked it with my arp table (arp -a) and the mac address was the same. So the telephone installation was using two ip addresses on the same lan connection. I've changed the IP config in the telephone installation but at this moment it still needs a reboot to execute the changes I've made. Tomorrow I will post an update on how things are going..........
regards,
Herman
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
. Strange though that we never experienced any problems before.
