Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
RE: Please help!
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
RE: Please help! - 5.Mar.2005 9:32:00 PM
|
|
|
DJ Ballistic
Posts: 21
Joined: 5.Mar.2005
Status: offline
|
OK that is all finished. Is there anything else you'd like me to try or setup before I setup this member server with ISA? Anything special I should know about configuring that with the way thing are setup. I know everything is locked down on install.
|
|
|
|
|
RE: Please help! - 5.Mar.2005 9:34:00 PM
|
|
|
DJ Ballistic
Posts: 21
Joined: 5.Mar.2005
Status: offline
|
Hmm that's odd. When I went to Verizon's homepage and inquired about their DNS servers it listed 4.2.2.1 and 4.2.2.2 as their DNS servers. When I set my router to obtain DNS from ISP and then checked the router status it is showing 151.197.0.39 and 151.197.0.38 as DNS. Why could that be?
|
|
|
|
|
RE: Please help! - 5.Mar.2005 9:39:00 PM
|
|
|
WyldWolf
Posts: 246
Joined: 3.Mar.2005
From: Wisconsin
Status: offline
|
They may have new DNS servers, but if resolution is working internally I would leave it for the time being. Build the ISA box and before installing ISA set the box to use your internal DNS servers and verify you can at least successfully look up a name.....you won't be able to get there but ping isaserver.org and be sure that it replies with an IP address:
Pinging isaserver.org [69.20.55.133] with 32 bytes of data:
Then install ISA using the tutorials on this site, install the firewall client on your PC's, set the default gateway of ISA to the router, create your access rules and you should be good to go.
|
|
|
|
|
RE: Please help! - 5.Mar.2005 9:58:00 PM
|
|
|
DJ Ballistic
Posts: 21
Joined: 5.Mar.2005
Status: offline
|
Sounds fantastic only...I don't see any tutorials come up when I search for installing ISA 2004. It brings up nothing.
|
|
|
|
|
RE: Please help! - 5.Mar.2005 11:06:00 PM
|
|
|
WyldWolf
Posts: 246
Joined: 3.Mar.2005
From: Wisconsin
Status: offline
|
http://www.isaserver.org/articles/2004isanetworks.html
"Creating and Configuring ISA Firewall Networks (2004) [v1.02]"
If you look, there are additional chapters posted which should help you with basic configuration.
|
|
|
|
|
RE: Please help! - 5.Mar.2005 11:28:00 PM
|
|
|
DJ Ballistic
Posts: 21
Joined: 5.Mar.2005
Status: offline
|
Did you see in my earlier post about DHCP scope options for DNS? What should I make those? For my clients.
|
|
|
|
|
RE: Please help! - 5.Mar.2005 11:47:00 PM
|
|
|
WyldWolf
Posts: 246
Joined: 3.Mar.2005
From: Wisconsin
Status: offline
|
You'll want to hand the clients out your internal DNS server for name resolution, and let it do the forwarding. That way your internal DNS server will also cache DNS queries.
|
|
|
|
|
RE: Please help! - 6.Mar.2005 1:06:00 AM
|
|
|
DJ Ballistic
Posts: 21
Joined: 5.Mar.2005
Status: offline
|
OK got it..and leave the default gateway pointing to the router for the clients or should i change that to the server?
|
|
|
|
|
RE: Please help! - 6.Mar.2005 3:46:00 AM
|
|
|
WyldWolf
Posts: 246
Joined: 3.Mar.2005
From: Wisconsin
Status: offline
|
Well if it's a one-arm ISA then probably the router, but then set the proxy to the ISA server to take advantage of the caching. This way non-proxy aware apps can go direct.
|
|
|
|
|
RE: Please help! - 6.Mar.2005 10:14:00 PM
|
|
|
DJ Ballistic
Posts: 21
Joined: 5.Mar.2005
Status: offline
|
Having trouble...I have installed ISA 2004 on a member server on my domain. I have installed the SP1 update to ISA 2004 as well. The ISA server itself can no longer access the internet. I read through the turorial link you sent but I get lost so at this point I am back where i started at the install. I have configured nothing now. I tried created a rule to allow all outgoing traffic from internal to the internet but nothing. What network topology do i need? By default it is setup to be the Edge Firewall one.
|
|
|
|
|
RE: Please help! - 6.Mar.2005 10:16:00 PM
|
|
|
DJ Ballistic
Posts: 21
Joined: 5.Mar.2005
Status: offline
|
And actually I don't quite understand your last post. In my DHCP options I already changed it so my clients would look to my Server for the default gateway. So your saying I change that to the router now?
|
|
|
|
|
RE: Please help! - 7.Mar.2005 2:04:00 AM
|
|
|
WyldWolf
Posts: 246
Joined: 3.Mar.2005
From: Wisconsin
Status: offline
|
No internal clients should use internal DNS server and the router for their gateway, otherwise non proxy aware apps won't work if you're only using the proxy for caching.
|
|
|
|
|
RE: Please help! - 7.Mar.2005 2:09:00 AM
|
|
|
DJ Ballistic
Posts: 21
Joined: 5.Mar.2005
Status: offline
|
Well my router is not using DHCP my server is so my internal clients right now are getting DNS of 192.168.1.2 (Server) and default gateway of 192.168.1.1 (Router) is that fine. I am a complete newbie to this ISA thing so pardon me when I keep saying I don't understand. I cannot find any tutorials that help me really. That is why I am posting my setup to hopefully get assistance on my configuration. I have the ISA server up and running but on the ISA server I can now not browse any websites. I created a default traffic rule allowing all outgoing traffic from internal to external and it doesn't work.
[ March 07, 2005, 02:10 AM: Message edited by: DJ Ballistic ]
|
|
|
|
|
RE: Please help! - 7.Mar.2005 10:42:00 PM
|
|
|
DJ Ballistic
Posts: 21
Joined: 5.Mar.2005
Status: offline
|
This is so frustrating. Everything I am reading says you need 2 NICS in the ISA server for firewall protection. I don't want to use it as a firewall I just want to use it as a web proxy only. And I can find nothing on how to do this. I still have no access on the ISA server itself. I want to get it working on there before I "break" my other clients. I also have been reading about publishing automatic discovery information which I think i have working but i have other problems relating to access permissions or rules so I can't really test that.
|
|
|
|
|
RE: Please help! - 14.Mar.2005 10:27:00 AM
|
|
|
Shaun.McKerchar
Posts: 22
Joined: 13.Jan.2005
From: Johannesburg, South Africa
Status: offline
|
quote:
Originally posted by DJ Ballistic:
This is so frustrating. Everything I am reading says you need 2 NICS in the ISA server for firewall protection. I don't want to use it as a firewall I just want to use it as a web proxy only. And I can find nothing on how to do this. I still have no access on the ISA server itself. I want to get it working on there before I "break" my other clients. I also have been reading about publishing automatic discovery information which I think i have working but i have other problems relating to access permissions or rules so I can't really test that.
If your are using your ISA server purely for caching, you only need 1 NIC.
Disable "publish automatic discovery information". That is only used when you are using 2 or more ISA Servers in a cache array / NLB configuration.
Obviously your DC and your ISA Server must have static addresses.
Your DCs IP configuration should be as follows:
IP address: 192.168.1.2
Subnet mask: 255.255.255.0
Default Gateway: 192.168.1.1 (Your DSL internal address)
Primary DNS Server: 192.168.1.2
Alternate DNS Server: none
Add a DNS forwarder in the DNS settings to your ISPs DNS server.
Your ISA Servers IP configuration should be as follows:
IP address: 192.168.1.x
Subnet mask: 255.255.255.0
Default Gateway: 192.168.1.1 (Your DSL internal address)
Primary DNS Server: 192.168.1.2
Alternate DNS Server: none
Create an array access rule (firewall policy rule) to allow all outbound traffic. In other words, allow all protocols from the Internal network (192.168.1.0 - 192.168.1.255) to the external network.
If all your settings are as above, it should work. Then all you need to do is configure caching.
Shaun McKerchar
SACS
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
