Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Trouble getting http access on ISA

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> General >> Trouble getting http access on ISA Page: [1]
Login
Message << Older Topic   Newer Topic >>
Trouble getting http access on ISA - 11.Mar.2004 11:38:00 PM   
fodell

 

Posts: 45
Joined: 14.Mar.2002
Status: offline 		I have setup ISA 2004 on a 2003 server. It is the only server so far in the test env. I have active directory and dns installed. i installed the dns and ISA according to the Get Up an Running with Isa server. Made the open outbound and the DNS access rules per the instructions. I have the ISA server as securenat. I am getting a 12202 error with a default rule.

My question is about dns and network settings. The dns is using a forwarder to my isp. This does work without ISA installed.

What should the LAN nic settings be for dns, the internal ip address? No default gateway on the lan card which should be right.

The WAN nic settins are DNS pointing to ISA's external address on the wan card, is that correct to use my own internal DNS since the forwarders should resolve?

Internet explorer is set to use proxy ( LAN nic ip address) on port 8080. I have been running ISA 2000 since it came out but seem to be missing something.

Oh, and the firewall client is not installed on ISA.

Thanks
Post #: 1
RE: Trouble getting http access on ISA - 11.Mar.2004 11:57:00 PM   
fodell

 

Posts: 45
Joined: 14.Mar.2002
Status: offline 		To add to my confusion i can click like ISA server on the Web from the managemant console and IE does return that page. I also notice that when using IE directly to access a web site the logs show an a destination address of 0.0.0.0 from localhost to external instead of a valid ip address.

(in reply to fodell)
Post #: 2
RE: Trouble getting http access on ISA - 12.Mar.2004 12:48:00 PM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Learning,

The DNS server should be bound to the internal interface, and then the LAN card should use that internal address.

You will need to create an access rule that allows localhost network to access the HTTP protocol to the Internet.

HTH,
Tom

(in reply to fodell)
Post #: 3
RE: Trouble getting http access on ISA - 12.Mar.2004 3:47:00 PM   
fodell

 

Posts: 45
Joined: 14.Mar.2002
Status: offline 		Thanks Tom,

1. The DNS was bound to internal adapter (192.168.1.1)
2. The Lan card was using the internal address ( 192.168.1.1)
3. Localhost http to external was created. Actually there was also an allow all from Localhost to External.

Clicking ISA Online worked, browsing to say microsoft.com did not, destination 0.0.0.0 in logs i thought would indicate a dns issue. That is still a mystery to me why from help link browsing worked and just plain browsing did not. It did resolve DNS but it would seem as a user instead of localhost. I did have the internal web and dns to external defined as in the Get up and running guide.

As of now i have to access rules.
1. Allow all Localhost to External
2. Allow DNS Localhost to External

Undoubtedly Allow all protocols does not allow DNS from localhost, only after i implemented #2 above does it work.

Life is good. Please note this LAN only has an ISA server so far with no clients, it is an AD and DNS server.

(in reply to fodell)
Post #: 4
RE: Trouble getting http access on ISA - 15.Mar.2004 3:56:00 PM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Learning,

There is a System Policy that allows DNS from local host, so you do not need to add that manually.

Not sure what the problem is. Name resolution should work. Is your Root Hints file primed?

Thanks!
Tom

(in reply to fodell)
Post #: 5
RE: Trouble getting http access on ISA - 21.Mar.2004 10:51:00 AM   
mlorca

 

Posts: 15
Joined: 6.Nov.2002
Status: offline 		I have running for 15 minutes same problem, but here wath i did:

I edit my first rule from internal to External
on From click add on the sub menu select new compurer and type the loopback 127.0.0.1, and you have acces from to the internet from ISA server machine

Chileno [Big Grin]

(in reply to fodell)
Post #: 6
RE: Trouble getting http access on ISA - 21.Mar.2004 5:25:00 PM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Chileno,

Again, that should not be required and I don't need to do it on any of mine. If you show the System Policy on your machine, you will see that there is already a policy that allows DNS outbound to all networks.

HTH,
Tom

(in reply to fodell)
Post #: 7
RE: Trouble getting http access on ISA - 21.Mar.2004 5:41:00 PM   
Guest
 On my case Tom y check but every time that I was try to access internet i wasa getting access deny and when I make this chane it work fine [Frown]

(in reply to fodell)
  Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> General >> Trouble getting http access on ISA Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts