Welcome to ISAserver.org
Weird ISA or DNS Behavior

Weird ISA or DNS Behavior - 2.Nov.2005 9:38:00 PM
straw
Posts: 17
Joined: 2.Nov.2005
From: Coachella Valley
I recently set up an ISA server in my CyberCafe so my customers can use my cable line instead of my T-1s for Internet browsing. My cable modem is connected to a router followed by my Cisco switch 4-port VLAN to the ISA server's WAN NIC. My entire network is in a workgroup environment with no domains. The cable line uses a dynamic IP which it successfully passes off to the router. I'm using the following static IP addresses on the router, WAN NIC and LAN NIC:
Router Int Interface-10.0.1.4 (Static) SM-255.255.255.0
ISA WAN NIC-10.0.1.5 (Static) SM-255.255.255.0 GW-10.0.1.4
ISA LAN NIC-192.168.0.6 (Static) SM-255.255.255.0 Internal DNS- 192.168.0.3
The following firewall policies are in place in the following order:
Allow/All outbound traffic/Internal/External/All users
Allow/FTP-HTTP/External/Internal/All Users
Allow/DNS/Internal DNS server/External/All Users
Default Rule/Deny/All Networks/All Networks/All users
My internal PCs are set up to use the proxy server through Internet Explorer under the LAN settings:
192.168.0.6:8080
The problem I'm having is the web browsing performance (very slow at times) or pages won't come up at all. Other times it works fine. The performance seems to be random and I'll receive slow or no connectivity alerts in the Monitoring section of the ISA server interface. I also get two errors in the Application section of the event viewer (Event ID: 21137 and 21138).
Any ideas on this problem?
[ November 02, 2005, 09:41 PM: Message edited by: straw ]

RE: Weird ISA or DNS Behavior - 2.Nov.2005 10:10:00 PM
Sunny.C
Posts: 800
Joined: 5.Apr.2005
From: Sydney
1. What spec is your ISA server?
2. Your internal DNS gets forwarded on to your ISP? (Is your ISP's DNS good? If not, you might consider setting up a caching DNS on your ISA.)
3. Do you have any 3rd party software on your ISA?
4. Allow/All outbound traffic/Internal/External/All users ... Why do you need this rule if you already have the user's browsing permission here ... Allow/FTP-HTTP/External/Internal/All Users
This rule will overwrite the other.

RE: Weird ISA or DNS Behavior - 2.Nov.2005 10:55:00 PM
straw
My internal DNS has a forwarder set up pointing to my T-1's DNS (AT&T), not the cable line (Road Runner). I know it works because I have no problem when browsing through my T-1 line.
Please read the firewall policy again because I don't see how I'm overwriting. Rule 1 allows my internal PCs full access outbound. Rule 2 allows only HTTP and FTP inbound. Rule 3 was set up per the instructions I read from Dr. Shinder, "Getting started right with ISA Firewalls".
Do I need rule #2?
1.)Allow/All outbound traffic/Internal/External/All users
2.)Allow/FTP-HTTP/External/Internal/All Users
3.)Allow/DNS/Internal DNS server/External/All Users
4.)Default Rule/Deny/All Networks/All Networks/All users
My server is an 800 MHz Intel, 768 MB RAM, 2-3Com 3C905B-TX, Win Server 2003 w/latest Windows updates, AVG AntiVirus.
[ November 02, 2005, 11:07 PM: Message edited by: straw ]

RE: Weird ISA or DNS Behavior - 3.Nov.2005 7:08:00 PM
straw
I have removed the 2nd rule, and thanks.
I have a total of 37 PCs which are configured to use the ISA server.
I'm running AVG AntiVirus on the ISA server as well. I thought I read in the forums that it was wise to install antivirus on the ISA server.
What specs would you recommend I use for a proxy server? I have another PC I could use if necessary.
I'd also like to know how to enable DNS caching. I had Web caching set up at one point but the cache folder grew to over 5 GB in less than a few days and the server only has a 20 GB hard drive.

RE: Weird ISA or DNS Behavior - 3.Nov.2005 11:28:00 PM
straw
For some reason my internal PCs can no longer see my website, which is on my internal private network at 192.168.0.2. The webserver has an entry on my DNS server too.

RE: Weird ISA or DNS Behavior - 5.Nov.2005 12:18:00 AM
straw
Bump

RE: Weird ISA or DNS Behavior - 5.Nov.2005 5:59:00 PM
Sunny.C
1. The faster the server the better, I guess. I am using dual P4 2 GHz, 2 gig of RAM for my 40-user network.
2. What error are you getting when you try to go to your website? Have you published it correctly?
3. As for configuring a caching DNS, I have a very good document at work which I can send to you via email. Send me a PM with your email and I will forward it to you.

RE: Weird ISA or DNS Behavior - 5.Nov.2005 11:51:00 PM
straw
My webserver is located in my private network at 192.168.0.2. My internal DNS server has an A record set up to point to my internal webserver, thus preventing the need to use an external DNS. This DNS server setup was necessary due to my Cisco router not allowing internal NATed IPs from looping out and back in. I was told this is a security feature from Cisco. Anyhow, I can't seem to view my own website at this point. I can ping it just fine but my proxy server does not allow me to see it. I'm getting the following error in Internet Exploder:
Technical Information (for support personnel) Error Code: 502 Proxy Error. The ISA Server denied the specified Uniform Resource Locator (URL). (12202) IP Address: 192.168.0.6 Date: 11/6/2005 5:00:10 AM Server: nj-proxy Source: proxy

RE: Weird ISA or DNS Behavior - 6.Nov.2005 2:13:00 AM
Sunny.C
You must create a web server publishing rule for your website and give appropriate access.
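
Added example, not part of the thread or of any poster's reply: a simplified first-match model of the policy straw posted (after the FTP/HTTP rule was removed), showing which rule each request hits. It assumes ordered, first-match evaluation and ignores users, schedules and web-proxy specifics; the external addresses and the client 192.168.0.50 are constructed samples.

```python
import ipaddress

# Addresses taken from the thread; the external hosts below are constructed samples.
INTERNAL_NET = ipaddress.ip_network("192.168.0.0/24")
DNS_SERVER = "192.168.0.3"

def zone(ip):
    """Map an address to the network object it belongs to in this simplified model."""
    return "Internal" if ipaddress.ip_address(ip) in INTERNAL_NET else "External"

# The ordered policy as posted, after the FTP/HTTP inbound rule was removed.
# Each rule: (name, protocols or None for all, source, destination)
POLICY = [
    ("All outbound traffic", None, "Internal", "External"),
    ("DNS", {"DNS"}, DNS_SERVER, "External"),
]

def source_matches(rule_src, ip):
    # A rule source is either a network name or a single host address.
    return rule_src == zone(ip) or rule_src == ip

def evaluate(src, dst, proto):
    """Return (action, rule name) for the first rule matching the request."""
    for name, protos, rule_src, rule_dst in POLICY:
        if ((protos is None or proto in protos)
                and source_matches(rule_src, src)
                and rule_dst == zone(dst)):
            return ("Allow", name)
    return ("Deny", "Default Rule")

def shadowed_rules(flows):
    """Names of rules that no flow in the sample ever reaches."""
    hit = {evaluate(*f)[1] for f in flows}
    return [name for name, *_ in POLICY if name not in hit]

# Constructed sample requests: (source, destination, protocol).
FLOWS = [
    ("192.168.0.50", "203.0.113.10", "HTTP"),  # client browsing the Internet
    (DNS_SERVER, "198.51.100.53", "DNS"),      # internal DNS server forwarding
    ("192.168.0.50", "192.168.0.2", "HTTP"),   # client asking the proxy for the internal web server
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", evaluate(*flow))
    print("never reached:", shadowed_rules(FLOWS))
```

In this model the request for 192.168.0.2 matches no allow rule because its destination is Internal, so it falls through to the default deny, which is consistent with the 12202 error quoted above. The DNS rule is never reached because the all-outbound rule above it already matches the DNS server's traffic.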