ISA and Internet Access win2003 (Full Version)

All Forums >> [ISA Server 2004 Firewall] >> General



Message


zillah -> ISA and Internet Access win2003 (16.May2006 11:39:24 AM)

I have installed ISA (for testing purpose in the Lab) 2004 on windows 2003 SP1 Desktop (with two NICs).

It is obvoius that I can not access the net after installing ISA (before there was no problem), since there is firewall which is by default denies every thing.

The server by itself, there is no clients,,,,

What I did, I created another rule to enable the server to access the net, but it did not work!!!

i could not figured out where was my mistake.

Thanks




elmajdal -> RE: ISA and Internet Access win2003 (16.May2006 12:49:40 PM)

 
is ur rule something like this ?? if not , then create this rule.

Allow > All Outbound Protocols > From LOCALHOST > To External > All Users




zillah -> RE: ISA and Internet Access win2003 (17.May2006 8:54:00 AM)

quote:

Allow > All Outbound Protocols > From LOCALHOST > To External > All Users

This is what I had already
Allow > All Outbound Traffic > From All Networks (and Local Host) > To External > All Users

I tried yours as well,,,it did not work






elmajdal -> RE: ISA and Internet Access win2003 (17.May2006 11:12:20 AM)

did u set the proxy ??

for example , if ur ISA internal ip is 10.10.10.1

then set ur proxy to : 10.10.10.1 port 8080

HTH




zillah -> RE: ISA and Internet Access win2003 (17.May2006 11:27:14 AM)

quote:

did u set the proxy ??

No.

quote:

for example , if ur ISA internal ip is 10.10.10.1

With ISA sever only one NIC has been used to connect to net, the other NIC is unplugged.

The PC has been assigned public ip address.


quote:

then set ur proxy to : 10.10.10.1 port 8080

Do you mean I have to set this proxy, within Browser ? before ISA installation , I have not been using proxy





elmajdal -> RE: ISA and Internet Access win2003 (17.May2006 12:01:21 PM)

how did u configure ur NIC ?? Default gateway , dns ??




zillah -> RE: ISA and Internet Access win2003 (17.May2006 12:04:29 PM)

quote:

how did u configure ur NIC ?? Default gateway , dns ??

Yes, Dynamic ip address.




elmajdal -> RE: ISA and Internet Access win2003 (17.May2006 12:07:54 PM)

quote:

Yes, Dynamic ip address.


so u have a router infront of ISA server ?? have u configured a rule to allow dhcp request and reply from and to ISA server?




zillah -> RE: ISA and Internet Access win2003 (17.May2006 12:13:32 PM)

quote:

so u have a router infront of ISA server ??

Yes, since I am doing this test at work. be aware i am doing this test on production environment, it is in the LAb.


quote:

have u configured a rule to allow dhcp request and reply from and to ISA server?

What should I configure to allow dhcp request and reply?,,,this is what I meant by :
quote:

i could not figured out where was my mistake.




elmajdal -> RE: ISA and Internet Access win2003 (17.May2006 12:20:05 PM)

if your router is acting as a DHCP server , then create a new ComputerSet and add in this set the IP of your router.

then, create a new rule

Allow > DHCP ( Request) & DHCP ( Reply) > from LocalHost and ComputerSet > To Localhost and ComputerSet.


one thing, does your router has a public ip also ?? or it has 2 nics, one public and one private ?




zillah -> RE: ISA and Internet Access win2003 (20.May2006 9:39:18 AM)

quote:

then create a new ComputerSet and add in this set the IP of your router.

I did not get this, could you please explain ? Thanks




LLigetfa -> RE: ISA and Internet Access win2003 (20.May2006 3:11:04 PM)

quote:

With ISA sever only one NIC has been used to connect to net, the other NIC is unplugged.

If the other NIC is unplugged, then you don't really have a firewall.
Should the rule then not be localhost to internal?




zillah -> RE: ISA and Internet Access win2003 (20.May2006 4:57:55 PM)

quote:

If the other NIC is unplugged, then you don't really have a firewall.
Should the rule then not be localhost to internal?

Then what should I configure ?





zillah -> RE: ISA and Internet Access win2003 (21.May2006 5:41:28 PM)

What I did I made slight change to the rule

It was:
Allow > All Outbound Traffic > From All Networks (and Local Host) > To External > All Users

The new one is :
Allow > All Outbound Traffic > Local Host > To External and Local Host > All Users

Now it is working.

Do you thing the rule should be like what I have configured ?




zillah -> RE: ISA and Internet Access win2003 (23.May2006 10:46:24 PM)

I get confused, the ISA server was able to get the ip address from DHCP server while it had this firewall rule configuration

http://img239.imageshack.us/img239/940/firstone3ld.jpg

It was :

Allow-->All outbound-->Local Host-->External and Local Host-->All Users



Today I could not find that ISA server was able to get ip address from DHCP server, therefore I change the configuration for the firewall to the below and it worked.

Allow-->All outbound-->Internal and Local Host-->External-->All Users

http://img127.imageshack.us/img127/8971/secondone0cc.jpg

I just configured the internal network to satisfy my LAN range ip addresses (public ip not private one), but I left loacl host and External as it is (default configuration)





Page: [1]