• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ISA SERVER 2004 URgent Help Please

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Web Publishing >> ISA SERVER 2004 URgent Help Please Page: [1]
Login
Message << Older Topic   Newer Topic >>
ISA SERVER 2004 URgent Help Please - 29.May2006 11:13:12 AM   
rolamohammed

 

Posts: 58
Joined: 19.Dec.2005
Status: offline
 
Dear All,

i have here in My company some Problems with My ISA SERVER 2004 Std.

First Part is Talking about How is My Infrastructure Going on .
Second Part is The 2  Problems which is i am Facing it & some solutions recommended .

First Part:-
1- I have here ISA server 2004 Std with 2 NIC. the First NIC is Connected to My HW Firewall which is Fortigate from Fortinet like CISCO PIX Firewall , with this IP Address :- ( 192.168.1.20 / 24 , DGW : 192.168.1.100 , DNS: 213.255.237.8 ) .
2- The IP-Address of Fortigate is 192.168.1.100.
3- The Second Nic of ISA is have this IP-Address ( 172.16.1.3 / 16 , No GW , DNS 172.16.1.1 " Local " ).
4- All the Clients are connected to ISA Server as NAT Clients " Secure NAT Client ", so all the Clients have the Internal IP Address of ISA as there GW.
5- All the Clients also, Connected to Internet through WEB Proxy as well, " All clients have 172.16.1.3 in the Web Browser it self ".
6- My E-mail server is Hosted OUTSIDE on MY ISP and all of the Users are using POP3 Accounts  & we do not have at all any Internal Mail Server like Exchange server in My Company .
7- On ISA Server i have the following Roles in its order as i will mention it Now :-

  7.1- First Role is to Open Internet for All Users .
  7.2- Second Role is To Publish Our POP3 Server which we are connect to it From " Internal " to " External ".
 
---------------------------------------------------------------------------------------------------------------
Second Part : what is the Problems which we have :-

1- we were have delay - big delay in browsing internet - and we correct by some modification in Registry and i change the Value of it from 1 to be 0 or from 0 to 1 , i can not remmber it.

2- the delay is still . " Our Internet Speed is 512 / 128 "

3- Now the Big Problems is, when any One of the User try to download file " what ever the size is " , he cant and found that , the Brown Page is display for him and say " Page Timed Out " , or even when he try to send attachment from WEB Browser, he get the Same message .

the message is :-

Technical Information ( for support personel )

       Error Code 1460 : TimeOut.
       Background : The Gateway Could not receive a timely response from the Web site you are trying to access , DNS server, or another Gateway server . this might indicate that the Network in Congested .

4- if we convert the Users to be on OUR HW Firewall instead of ISA Server, No Problems from this Type at all reported to us .

i think, there is something need to be modify in registry regarding Timed Out , or i am wrong .

Please Give me your Opinion regarding First Problem ?

--------------------------------------------------------------------------------------------------------------

Second Problem :-

as i said before, all the Users " 70 " users are connected to the internet and have ability to browse internet and also connected to POP3 Server through ISA server and all of them connected to ISA Server as SECURE NAT CLIENT & WEB PROXY CLIENT in the Same time, and no user at all connected to ISA as Firewall Client.

Now, in order to make a control over the Internet, i want to block Browsing ( HTTP & HTTPS ) only and let them only have the ability to use POP3 & SMTP , but NO Internet at all on PC'S .

so my question is " CAN I DO THAT in ISA SERVER which i have or NOT ? " and if i disable the HTTP & HTTPS only and allow POP3 & SMTP , is there any thing will happen or is there any Problem will appear ?

Please Update me regarding First Problem & Second Prooblem as well .
Post #: 1
RE: ISA SERVER 2004 URgent Help Please - 29.May2006 5:07:14 PM   
RAJP

 

Posts: 53
Joined: 11.Mar.2006
Status: offline
The delay problem is probably caused by an incorrect DNS configuration. When configuring ISA, ONLY THE INTERNAL NIC should have DNS entries, NEVER the external NIC and never any DMZ NICs, as odd as that may seem.

In addition, the DNS servers set up on the internal NIC MUST be able to resolve domains on the Internet either by themselves or through the use of a Forwarder at your Internet Service Provider.

The simplest way to disable web browsing when you have Secure NAT clients is to require authentication for outbound HTTP and HTTPS and then use an empty group for Users.

Secure NAT cannot handle authentication so the users will default to the web proxy. The empty group will deny all web proxy clients any Internet browsing.

Hope this helps,

Ray

(in reply to rolamohammed)
Post #: 2
RE: ISA SERVER 2004 URgent Help Please - 2.Dec.2008 10:45:06 AM   
thenovice

 

Posts: 15
Joined: 13.Feb.2007
Status: offline
Hope this helps someone else searching on the 1460 timeout error faced within the ISA 2004 environment:

To resolve the following:
"Technical Information ( for support personel )

       Error Code 1460 : TimeOut.
       Background : The Gateway Could not receive a timely response from the Web site you are trying to access , DNS server, or another Gateway server . this might indicate that the Network in Congested"

Tried Toms "Direct approach" - no resolve, looked into RAJP's "DNS issue" not fitting as All sites accessable - it is Only when querying a SQL (or other DB platform) that one recieves the 1460 error - i.e. a 'Timeout'

Resolution that helped me:
Launch Isa Server Management
(Start - All Programes - Microsoft ISA server - ISA Server Management)
Go to the Networks section under 'Configuration'
(expand 'servername', expand 'Configuration', select 'Netwroks')
Ensure you are on the 'Networks' TAB
Double click on 'Internal'
(or right click 'Internal and select properties, or select 'Edit selected network' under Tasks on right hand control pannel)
Select 'Web Proxy' tab, select the 'Advanced' properties button, increase the default 120 second "Connection timeout (seconds)' value - I up'ed it up to 240 seconds and hey-presto, all external site (i.e. from various client internet sites) .csv files can now be extracted/downloaded

(in reply to RAJP)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Web Publishing >> ISA SERVER 2004 URgent Help Please Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts