We have 2 domain controllers with windows2000 server(servpack4). Exchange server2000 is installed in the additional domain controller, this server name as "exchange". We are connnecting to the Internet through this machine. Ourinternet connection is using a modem and a broadband satellite receiver card. The uplink is using the modem and the downloading is using the satellite receiver card.
We tried to install ISA server in this machine. But after ISA server installation, We are not able to access Internet.
I have having the same problem. Totally different set up (2 NICs, one to the 192.168 local network and one on a static IP on our partial T1) - but the same result.
It looks like ISA server/firewall installs with EVERYTHING blocked. On the ISA machine itself I can't hit the Internet, nor can a route through it via the local IP. In the latter case I get "blocked" notices in the logs.
If I stop the ISA services then the ISA PC can surf just fine - when I restart them it is blocked.
Did you check your logs to see what, if anything it has?
Assuming you have the same problem I do - there is something I am missing I made rules to allow my machine to route through the box to the Internet - and for the box itself to do so (there is an article here on the latter) and still no go.
I am thinking of un-installing and starting over - I have been hammering on this for several days with my boss breathing down my neck
Maybe someone will step in and answer your question - and mine.
quote:Originally posted by Linke Loe: You have to have a protocol rule, allowing all or some protocols defined under protocol definitions. Without a protocol rule there will be no traffic allowed through ISA.
In addition, you need a site and content rule, allowing traffic to certain destinations.
I had these set up, still no go.
I made new rules, basically "allow" rules for any protocol from anyone to any site - still no go. I don't how I could have gotten them wrong - those allow everything rules are really simple (it seems).
I get this in the log when I try to surf from the ISA machine:
2003-12-04 20:31:31 65.105.1xx.xxx 18.104.22.168 Tcp 3321 80 SYN BLOCKED 65.105.1xx.xxx 2003-12-04 20:31:37 65.105.1xx.xxx 22.214.171.124 Tcp 3321 80 SYN BLOCKED 65.105.1xx.xxx
I could not surf from the proxy machine itself OR from my machine when I tried to route through it.
I am trying to set ISA up as in "invisible" proxy - like a LINUX IPCop box or hardware router (but with more features and control). From reading the docs and Mr. Shinder's book - this SHOULD be possible, right? No need to clients to be installed on the workstations and no need to change settings on them - just change their default gateway IP to be the "local" NIC in the ISA server?
Anyway, I removed the ISA server and I am going to start over - just in case.
I should also point out that I had a "default gateway" on my LOCAL NIC - looking through some of the notes and tutorials here I realized that was a mistake. There were also events in the event log about "could not create a packet filter".
I was going in from 192.168.1.115 to the local NIC at 192.168.1.112(for example) and I had the local NIC with a primary gateway of 192.168.1.1. So I think it was trying to route packets back to me via the gateway or something. In any case, I blanked this out as it was incorrent and it had been working well today.
I have lots of other issues and problems, but at least I can surf the internet via the ISA server now
go in access policy > ip packet filter and make new filter name it self.click next then again click next.now click custom and then click nect until this is finidhed.this is the most right way to run internet on isa server machine.