What wrong I am doing for sNAT client
What wrong I am doing for sNAT client - 5.Aug.2005 7:59:00 AM
bhavin78
Posts: 429
Joined: 18.Jul.2005
From: USA
Status: offline
I just installed ISA server 2004 enterprise edition. I have two network cards on ISA server.
1) INTERNAL CARD with following configuration: ip 192.168.100.121, dns 192.168.100.17 (this is internal dns server with ISP dns as forwarder), NO DEFAULT GATEWAY AS IT SAYS IN MICROSOFT BOOK
2) EXTERNAL CARD: INTERNET IP ADDRESS 209.XXX.XXX.XXX, DEFAULT GATEWAY 209.XXX.XXX.XXX (CISCO ROUTER)
NOW WHEN I USE WEB PROXY CLIENT, I CAN CONNECT TO INTERNET. BUT WHEN I USE SNAT CLIENT IT DOES NOT WORK. WHY?
WHEN I USE WEB PROXY I PUT HTTP://SERVERNAME/ARRAY.DLL?GET.ROUTING.SCRIPT IN PROXY SETTINGS.
WHEN I USE SNAT CLIENT I USE ISA-SERVER IP ADDRESS AS DEFAULT GATEWAY.
When I try to ping something from snat client it's not resolving the name. Something is wrong here.
My domain is configured with a forwarder to go out and resolve names. Can I get some help please? I have been trying to figure this out for one month.
RE: What wrong I am doing for sNAT client - 6.Aug.2005 4:20:00 AM
ClintD
Posts: 1833
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
SecureNAT clients must be able to resolve DNS names on their own - these are the only clients that must do this. Web Proxy and Firewall Clients have the benefit of having ISA resolve external names for them.
You can point your SecureNAT client to an Internal DNS Server (suggested if it is a part of an Active Directory domain) as long as that server points to ISA as its Def Gateway and ISA allows DNS queries to External. Your internal DNS Server will use the Forwarders you have configured to resolve external domains.
[ August 06, 2005, 04:21 AM: Message edited by: ClintD ]
RE: What wrong I am doing for sNAT client - 6.Aug.2005 10:01:00 AM
isawader
Posts: 420
Joined: 27.Apr.2005
Status: offline
quote: You can point your SecureNAT client to an Internal DNS Server (suggested if it is a part of an Active Directory domain) as long as that server points to ISA as its Def Gateway
Just curious,
Why does it matter that the DNS server's DG has to point to ISA? What if there is another WAN connection that can be used to resolve the names by the local DNS server?
RE: What wrong I am doing for sNAT client - 12.Aug.2005 1:35:00 PM
bhavin78
Posts: 429
Joined: 18.Jul.2005
From: USA
Status: offline
This is what I tried.
There are two NIC cards in ISA Server. Internal NIC configured as below: 192.168.100.21 as ip address, 255.255.255.0 as subnet mask, 192.168.100.17 as dns server.
External NIC: xxx.xxx.xxx.xxx routable IP address from ISP, 255.xxx.xxx.xxx as subnet mask, xxx.xxx.xxx.xxx as default gateway (cisco router), no dns entries.
With the above configuration I am trying this: my domain controller gateway is ISA Server. When I do this it is not going on the internet...
I also tried to put one of the routers' ip addresses as domain controller gateway. In this case it can go out on the internet. With this I configure the client to use internal dns server and default gateway as ISA server. The client cannot go on to the internet with this setting.
Can anyone help me out to resolve this? I have been trying to fix this for one month. I know it should be simple but it is not working for me.
RE: What wrong I am doing for sNAT client - 22.Aug.2005 9:34:00 AM
vamram
Posts: 44
Joined: 19.Dec.2003
Status: offline
Bhavin, I had a similar problem if you saw my post earlier.
In addition to your default gateway and DNS configurations as another post mentioned above, check your access rules.
For SecureNAT to work, you must not change the Users tab group from the default of ALL USERS. In other words, don't add Active Directory or Local user and group accounts to this tab. If you need to restrict access, do so by adding computers, computer sets or other network objects to the From tab.
Also, the order of your rules may be affecting access as well.
Good luck. JQ
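
The checks suggested in the replies above (default gateway, DNS path, the Users tab and rule order) can be walked through as a small model. This is an added example, not code from anyone in the thread and not ISA Server's own rule engine; the `Host` and `Rule` classes, the client address 192.168.100.50, the rule names and the assumption that a matching rule naming users ends evaluation with a deny are all made up for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ALL_USERS = "All Users"  # default entry on an access rule's Users tab

@dataclass
class Host:
    ip: str
    gateway: str   # default gateway
    dns: str       # DNS server this host queries

@dataclass
class Rule:        # simplified access rule; the list is evaluated top-down
    name: str
    action: str    # "allow" or "deny"
    protocols: set
    source: str    # From tab, written as a CIDR network
    users: str = ALL_USERS

def evaluate(rules, src_ip, protocol):
    """Return (allowed, rule_name) for unauthenticated SecureNAT traffic."""
    for r in rules:
        if protocol in r.protocols and ip_address(src_ip) in ip_network(r.source):
            if r.users != ALL_USERS:
                # Model assumption: SecureNAT cannot authenticate, so this is a deny.
                return False, r.name
            return r.action == "allow", r.name
    return False, "default deny"

def diagnose(client, dns_server, isa_ip, rules):
    """List unmet prerequisites for a SecureNAT client; empty list means none."""
    findings = []
    if client.gateway != isa_ip:
        findings.append("client default gateway is not ISA")
    uses_internal = client.dns == dns_server.ip
    dns_src = dns_server.ip if uses_internal else client.ip
    if not uses_internal or dns_server.gateway == isa_ip:  # query crosses ISA
        ok, rule = evaluate(rules, dns_src, "DNS")
        if not ok:
            findings.append(f"DNS from {dns_src} blocked by: {rule}")
    ok, rule = evaluate(rules, client.ip, "HTTP")
    if not ok:
        findings.append(f"HTTP from {client.ip} blocked by: {rule}")
    return findings

# Constructed sample: ISA and DNS addresses as in the first post, the rest invented.
ISA, DNS, NET = "192.168.100.121", "192.168.100.17", "192.168.100.0/24"
client = Host("192.168.100.50", gateway=ISA, dns=DNS)
dns_srv = Host(DNS, gateway=ISA, dns=DNS)
broken = [Rule("Web access", "allow", {"HTTP"}, NET, users="Domain Users")]
fixed = [Rule("DNS out", "allow", {"DNS"}, DNS + "/32"),
         Rule("Web access", "allow", {"HTTP"}, NET)]
for rules in (broken, fixed):
    print(diagnose(client, dns_srv, ISA, rules))
```

With the `broken` rule set the model reports both a blocked DNS query from the internal DNS server and blocked HTTP from the client; with `fixed` it reports nothing.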