From: Virginia Beach, VA
I am having a problem with ISA Server 2004. I have set up my network to include a DMZ, but I have no communication between the perimeter server and the main servers. I have 4 servers running, Server 1 runs the domain with AD, DNS, DHCP, DFS, and the Print Server. Server 2 also runs AD, SQL, DNS. These are both on the internal domain (192.168.0.x). Server 3 is my ISA Server, it is a tri-homed server with the following NIC connections, External (10.0.0.x), Perimeter (172.16.0.x), and Internal (192.168.0.x). The only thing running on this server is ISA. Server 4 is my perimeter server on the perimeter network (172.16.0.x), it runs my web server, Exchange, and is setup to be my backup server. All Internal and Perimeter NICs have the gateway of the ISA Server, on their respective IP addresses. My ISA server is set up with the following network rules: Perimeter - External, Perimeter (Source) External (Destination), Route; Perimeter - Internal, Internal (Source) Perimeter (Destination) Route; Internal - External NAT. It also contains the following access rules: DNS Perimeter to Internal Publishing Rule, Server 1 to Perimeter network with DNS Server protocol open; DNS Internal to External, Server 1 to Perimeter with DNS Server protocol open; Outbound DNS Internal DNS Server, Allow DNS protocol, Server 1 (Source), External (Destination); Inbound to Perimeter Web Server, Allow HTTP / HTTPS, External (Source), Server 4 (Destination); Inbound to Perimeter SMTP Server, Allow SMTP / SMTPS, External (Source), Server 4 (Destination); Internal to Perimeter communication, Allow ADLogon/DirRep / DirectHost (TCP 445) / DNS / Kerberos-Adm (UDP) / Kerberos-Sec (TCP) / Kerberos-Sec (UDP) / LDAP (TCP) / LDAP (UDP) / LDAP GC / RPC Endpoint Mapper (TCP 135) / NTP / Ping, Server 4 (Source), Server 1 (Destination). On all internal NIC and Perimeter NICs, NETBios has been enabled, it is disabled on the External NIC. I have been able to log Server 4 onto the Internal domain, and it has been added to AD and the DNS server. All the addresses are correct. I have done a nslookup of external websites from server 4 and they produce the correct information. Now I am unable to ping any websites from Server 4, it gives Destination Host Unreachable. I can ping any of the internal servers or client computers. I have looked in Network places and am unable to see Server 4 from the Internal servers, including the ISA server. Also I am unable to see any other server from Server 4. I am unable to activate or update Server 4, due to it's lack of connectivity. I am wondering what I have missed in my setup? I would appreciate any help.