Welcome to ISAserver.org

Urgent (((help needed)))

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 General] >> General >> Urgent (((help needed)))

Page: [1]

Message

<< Older Topic Newer Topic >>

Urgent (((help needed))) - 20.Sep.2006 2:56:45 PM

MSConfig

Posts: 6
Joined: 18.Sep.2006
Status: offline

hi guys ,

I was having isa 2000 with no problem but recently I had installed win sever 2003 r2 and I installed ISA server 2006 , configured an access rule for all outbound traffic and with all protocols , but I still have a problem in yahoo messenger access without proxy and with msn messenger webcam , and with some other applications on specific ports , please help me with this issue , I need to give access to all services I have a LAN with no domain , just a workgoup and one adapter connected to internal network , please help me

< Message edited by MSConfig -- 20.Sep.2006 3:00:00 PM >

Post #: 1

Featured Links*

RE: Urgent (((help needed))) - 20.Sep.2006 5:59:16 PM

alans

Posts: 67
Joined: 8.Mar.2006
Status: offline

Hi,

are the client's default gateway the ISA server? This will make them secure NAT clients and it should work without any problem if the network are defined correctly.

If the clients default gateway is not ISA then you need ISA firewall client to make it work.

Hope this helpS

Alans

(in reply to MSConfig)

Post #: 2

RE: Urgent (((help needed))) - 20.Sep.2006 8:17:09 PM

MSConfig

Posts: 6
Joined: 18.Sep.2006
Status: offline

hi , thank you sir for reply ,

default gatway for all clients is set to the router and the router default gatway is my server ,
I'm not using the firewall integrated within the router .
I have installed firewall client in all clients computers ,and my web proxy and web are working great there , but I still can't connect yahoo messenger through "no proxies" and limewire can't connect also ,and msn webcam , and voice take much time to connect also some other java applications , I have broadband connection 512 , so what should I do?

< Message edited by MSConfig -- 23.Sep.2006 5:59:51 PM >

(in reply to alans)

Post #: 3

RE: Urgent (((help needed))) - 20.Sep.2006 9:39:40 PM

alans

Posts: 67
Joined: 8.Mar.2006
Status: offline

Hi,

Check in the log files from which source networks the clients are coming from. ISA might not think that the clients are coming from the Interrnal network which might be your problem. Also please send a screen shot if you network rules it should be from VPN or Internal NAT to External.

The access rue that you've created is also to much. You only need to say all outbound traffic from internal to external for all users. If you want user to authenticate you need to specify authenticated users only. Also using the authenticated users you'll need to configure the firewall client to allow that application through ISA.

So for testing make it all users for now.

Regards,

Alan

(in reply to MSConfig)

Post #: 4

RE: Urgent (((help needed))) - 21.Sep.2006 6:42:52 PM

MSConfig

Posts: 6
Joined: 18.Sep.2006
Status: offline

here's the log for sample request from a client computer from my internal network on yahoo and a java application

and here's my network rule

, well that what I did first , I created that rule just from internal to external , then when I had that problem I created that "too much rule " to exclude rules probs from my probabilities and to allow all traffic and all ports , and I had the same result , is there anything I missed ?

< Message edited by MSConfig -- 23.Sep.2006 6:01:37 PM >

(in reply to alans)

Post #: 5

RE: Urgent (((help needed))) - 21.Sep.2006 7:45:42 PM

alans

Posts: 67
Joined: 8.Mar.2006
Status: offline

hi,

you showed me the firewall rules and not the network rules.

I checked your log files and saw that it is coming from internal but it is going to localhost. That is wrong. It should be from internal to external. Sounds like you don't have your networks configured right.

ISA needs the network to be defined correctly otherwise it won't work or you get funny problems.

I suggest you get toms cool book and it will give you a lot of information on how to.

regards,

Alan

(in reply to MSConfig)

Post #: 6

RE: Urgent (((help needed))) - 21.Sep.2006 8:33:22 PM

MSConfig

Posts: 6
Joined: 18.Sep.2006
Status: offline

ok , Its my first experiance with isa 2006 ,, I know I have to learn , I admit it , lol ...well because I was dealing with isa 2000 , but I have to upgrad, thanks a lot from being helpfull , and I wish if you send me that book , I need every book or detailed explaination that gives me more knowledge ,
by the way , where can I solve that problem , in the network rule , or in the firewall policy rule ?
can you export and send me a firewall ,and a network rule , in .xml format and let me try it ( for one isa server with this ip : 144.88.111.19 with one lan adapter connected to the internal network ( range (144.88.111.0 until 144.88.111.15) , no domain and to allow all outbound traffic , and to connect the lan computers to all internet ports and services ..) ,

about the network rule , sorry , I'm sending it now : , ok and next time I'm gonna send the whole pc

lol , I became more confused

< Message edited by MSConfig -- 23.Sep.2006 6:00:43 PM >

(in reply to alans)

Post #: 7

RE: Urgent (((help needed))) - 22.Sep.2006 3:45:39 PM

tshinder

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline

The definition of your Internal Network indicates you're running the ISA Firewall in HORK mode, so there are no network rules or new networks for you to create. In HORK mode you have very little control over anything other than HTTP.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to MSConfig)

Post #: 8

RE: Urgent (((help needed))) - 22.Sep.2006 4:33:14 PM

alans

Posts: 67
Joined: 8.Mar.2006
Status: offline

Yes Tom is right

What you could do is apply the ISA template for edge firewall, which is not recommended but it will show you how to configure the server. Also remove all addresses from the internal network and only leave the internal address range in.

Try not make change at enterprise level rather stay at array level. I would should suggest installing standard before going to enterprise. Once you have all the basics. move to enterprise

Yes you can get toms book at any book store or online

(in reply to tshinder)

Post #: 9

RE: Urgent (((help needed))) - 22.Sep.2006 5:53:47 PM

MSConfig

Posts: 6
Joined: 18.Sep.2006
Status: offline

thanks mr shinder , it's my pleasure you posted a reply for me ,
and thanks you alan also for everything , well ,I'll try again ,with the information you provided ,and I'll tell you about the result as soon as possible .

(in reply to alans)

Post #: 10

RE: Urgent (((help needed))) - 23.Sep.2006 5:58:28 PM

MSConfig

Posts: 6
Joined: 18.Sep.2006
Status: offline

OK EVERYTHING IS WORKING NOW FINE , THANK YOU VERY MUCH , IT WAS LIKE MAGIC LOL , I almost quit everything , but I gave it a last try , I installed some protocols like IPX/SPX/NETBIOS , and some services , and I defined the internal network with the ranges only ,as you said , and everything goes so good ...haha ..I feel so happy thank you very much guys ..uf I think I can sleep peacefuly today

well , Tom , your book is so good , as I read some of it in google books ...but I would surely buy it if I can find it in some book store here in Algeria ..I'm not sure of that ..I'll check these days ..

I wish you all the best , thanks

(in reply to MSConfig)

Post #: 11