
Troubles with a back to back - DNS

Troubles with a back to back - DNS - 12.Jul.2005 1:45:00 PM   
jbarsodi

 

Posts: 114
Joined: 10.Aug.2001
From: Sparks, NV
Status: offline
Ok, I have my HP ISA2K4 appliances sitting just dying to be configured, but I'm building and testing configurations out via Virtual PC 2004 first.

I'm having issues with getting DNS queries out (and back) from the Internal network/AD Domain DNS Server.

Here's my layout

Internet
|
ISA2k4 Front end
|
DMZ/Perm Network
|
ISA2k4 Back end
(Joined to testdomain.local)
|
Windows 2000 Server - Domain controller/DNS
|
Windows XP Pro client

I can see the request from my Domain Controller hit the front end server in the log files.

But it doesn't return any results.

I used the default templates for each, Front End and Back End templates.

I have a feeling I know what my answer would be, to put a DNS cache server in the DMZ. I'd prefer not to if there is a secure way to allow my internal DNS to make external queries.

Any help is always appreciated.
Post #: 1
RE: Troubles with a back to back - DNS - 12.Jul.2005 7:57:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi J,

I think the problem is with the templates. Try configuring the FE and BE ISA firewall from scratch, with the appropriate ISA firewall Networks, Network Rules, and Firewall policy.

HTH,
Tom

(in reply to jbarsodi)
Post #: 2
RE: Troubles with a back to back - DNS - 14.Jul.2005 2:40:00 PM   
jbarsodi

 

Posts: 114
Joined: 10.Aug.2001
From: Sparks, NV
Status: offline
Thanks for the reply Tom!

I wasn't sure how to blank out everything and make sure I got it. So I used the "Edge" firewall template on both and used a "Block All" for my Firewall policy. Created DNS/HTTP/HTTPS rules on both and everything started working. So that got me thinking, what the heck is wrong with the Front/Back templates? I then saved my working CFGs and started over with the Front/Back templates and figured out the problem. The network relationship on the front end firewall for the "Perimeter" network was Route; I switched to NAT and everything started working.

So, I then created a specific rule for the back end firewall on my front end firewall's network rules and set it to NAT, and then switched the Perimeter Network rule back to Route.

My concern is, is there a benefit on keeping the Perimeter network with a Route vs. NAT relationship?

I will be publishing a Web, Frontend Exchange server w/OWA, and an SFTP (SSH2) box on the perimeter network.

Thanks!

(in reply to jbarsodi)
Post #: 3
RE: Troubles with a back to back - DNS - 18.Jul.2005 8:36:00 AM   
Guest
hi man
you must check your network
internet
isa2004 (F) open all traffic
nic1 nic2 nic3
----- ---- ------
internet dmzip isa2004(F)ip
isa2004(B)
nic1 nic2
---- ------
isa2004(f)ip switch on your lan

then check your internet access on your isa2004(b)
if you have access to the internet
then open traffic on your isa2004(b)
on dns
ip:xxxxxxxxxxxx for dns
subnetmask:xxxxxxxxxxx
gateway:ip for isa2004(b)
dns1:xxxxxxxxxxxxxxx
dns2:xxxxxxxxxxxxxxx
on dhcp add option for gateway: ip for isa2004(b)
this is your problem, please check it .........
RH

(in reply to jbarsodi)
  Post #: 4
