Welcome to ISAserver.org

ISA and Internet Access win2003

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Firewall] >> General >> ISA and Internet Access win2003

Page: [1]

Message

<< Older Topic Newer Topic >>

ISA and Internet Access win2003 - 16.May2006 11:39:24 AM

zillah

Posts: 11
Joined: 15.May2006
Status: offline

I have installed ISA (for testing purpose in the Lab) 2004 on windows 2003 SP1 Desktop (with two NICs).

It is obvoius that I can not access the net after installing ISA (before there was no problem), since there is firewall which is by default denies every thing.

The server by itself, there is no clients,,,,

What I did, I created another rule to enable the server to access the net, but it did not work!!!

i could not figured out where was my mistake.

Thanks

< Message edited by zillah -- 16.May2006 11:43:44 AM >

Post #: 1

Featured Links*

RE: ISA and Internet Access win2003 - 16.May2006 12:49:40 PM

elmajdal

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline

is ur rule something like this ?? if not , then create this rule.

Allow > All Outbound Protocols > From LOCALHOST > To External > All Users

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to zillah)

Post #: 2

RE: ISA and Internet Access win2003 - 17.May2006 8:54:00 AM

zillah

Posts: 11
Joined: 15.May2006
Status: offline

quote:

Allow > All Outbound Protocols > From LOCALHOST > To External > All Users

This is what I had already
Allow > All Outbound Traffic > From All Networks (and Local Host) > To External > All Users

I tried yours as well,,,it did not work

(in reply to elmajdal)

Post #: 3

RE: ISA and Internet Access win2003 - 17.May2006 11:12:20 AM

elmajdal

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline

did u set the proxy ??

for example , if ur ISA internal ip is 10.10.10.1

then set ur proxy to : 10.10.10.1 port 8080

HTH

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to zillah)

Post #: 4

RE: ISA and Internet Access win2003 - 17.May2006 11:27:14 AM

zillah

Posts: 11
Joined: 15.May2006
Status: offline

quote:

did u set the proxy ??

No.

quote:

for example , if ur ISA internal ip is 10.10.10.1

With ISA sever only one NIC has been used to connect to net, the other NIC is unplugged.

The PC has been assigned public ip address.

quote:

then set ur proxy to : 10.10.10.1 port 8080

Do you mean I have to set this proxy, within Browser ? before ISA installation , I have not been using proxy

(in reply to elmajdal)

Post #: 5

RE: ISA and Internet Access win2003 - 17.May2006 12:01:21 PM

elmajdal

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline

how did u configure ur NIC ?? Default gateway , dns ??

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to zillah)

Post #: 6

RE: ISA and Internet Access win2003 - 17.May2006 12:04:29 PM

zillah

Posts: 11
Joined: 15.May2006
Status: offline

quote:

how did u configure ur NIC ?? Default gateway , dns ??

Yes, Dynamic ip address.

(in reply to elmajdal)

Post #: 7

RE: ISA and Internet Access win2003 - 17.May2006 12:07:54 PM

elmajdal

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline

quote:

Yes, Dynamic ip address.

so u have a router infront of ISA server ?? have u configured a rule to allow dhcp request and reply from and to ISA server?

< Message edited by elmajdal -- 17.May2006 12:09:18 PM >

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to zillah)

Post #: 8

RE: ISA and Internet Access win2003 - 17.May2006 12:13:32 PM

zillah

Posts: 11
Joined: 15.May2006
Status: offline

quote:

so u have a router infront of ISA server ??

Yes, since I am doing this test at work. be aware i am doing this test on production environment, it is in the LAb.

quote:

have u configured a rule to allow dhcp request and reply from and to ISA server?

What should I configure to allow dhcp request and reply?,,,this is what I meant by :

quote:

i could not figured out where was my mistake.

(in reply to elmajdal)

Post #: 9

RE: ISA and Internet Access win2003 - 17.May2006 12:20:05 PM

elmajdal

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline

if your router is acting as a DHCP server , then create a new ComputerSet and add in this set the IP of your router.

then, create a new rule

Allow > DHCP ( Request) & DHCP ( Reply) > from LocalHost and ComputerSet > To Localhost and ComputerSet.

one thing, does your router has a public ip also ?? or it has 2 nics, one public and one private ?

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to zillah)

Post #: 10

RE: ISA and Internet Access win2003 - 20.May2006 9:39:18 AM

zillah

Posts: 11
Joined: 15.May2006
Status: offline

quote:

then create a new ComputerSet and add in this set the IP of your router.

I did not get this, could you please explain ? Thanks

(in reply to elmajdal)

Post #: 11

RE: ISA and Internet Access win2003 - 20.May2006 3:11:04 PM

LLigetfa

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline

quote:

With ISA sever only one NIC has been used to connect to net, the other NIC is unplugged.

If the other NIC is unplugged, then you don't really have a firewall.
Should the rule then not be localhost to internal?

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to zillah)

Post #: 12

RE: ISA and Internet Access win2003 - 20.May2006 4:57:55 PM

zillah

Posts: 11
Joined: 15.May2006
Status: offline

quote:

If the other NIC is unplugged, then you don't really have a firewall.
Should the rule then not be localhost to internal?

Then what should I configure ?

(in reply to LLigetfa)

Post #: 13

RE: ISA and Internet Access win2003 - 21.May2006 5:41:28 PM

zillah

Posts: 11
Joined: 15.May2006
Status: offline

What I did I made slight change to the rule

It was:
Allow > All Outbound Traffic > From All Networks (and Local Host) > To External > All Users

The new one is :
Allow > All Outbound Traffic > Local Host > To External and Local Host > All Users

Now it is working.

Do you thing the rule should be like what I have configured ?

(in reply to zillah)

Post #: 14

RE: ISA and Internet Access win2003 - 23.May2006 10:46:24 PM

zillah

Posts: 11
Joined: 15.May2006
Status: offline

I get confused, the ISA server was able to get the ip address from DHCP server while it had this firewall rule configuration

http://img239.imageshack.us/img239/940/firstone3ld.jpg

It was :

Allow-->All outbound-->Local Host-->External and Local Host-->All Users

Today I could not find that ISA server was able to get ip address from DHCP server, therefore I change the configuration for the firewall to the below and it worked.

Allow-->All outbound-->Internal and Local Host-->External-->All Users

http://img127.imageshack.us/img127/8971/secondone0cc.jpg

I just configured the internal network to satisfy my LAN range ip addresses (public ip not private one), but I left loacl host and External as it is (default configuration)

(in reply to zillah)

Post #: 15