RE: DHCP External to ISA for Internal LAN - 30.Oct.2006 9:00:16 AM
Guest
quote:
So you're saying that my ISA Internal NIC should be changed to something like 192.168.1.x (for example). But won't this change my LAN IPs?
possible. this depends.. before adding ISA, your clients used to belong to network 192.168.2.x. with ISA, as I said, you cannot have two interfaces belonging to the same subnet (ISA doesn't support the bridging mode). a good news is that you only have nat between your sonicwall and exterior network, so adding ISA into equation will make it just double nat. by the way, your settings look good except the ISA internal interface, which should belong to another subnet.
< Message edited by adrian_dimcev -- 31.Oct.2006 6:29:27 AM >
RE: DHCP External to ISA for Internal LAN - 30.Oct.2006 9:15:00 AM
Guest
what exactly do you mean with that? if you are using dhcp on your internal lan you need to change the dhcp scope to cover the new subnet. the clients from Internal network will use as gateway the ISA internal interface's ip address.
RE: DHCP External to ISA for Internal LAN - 30.Oct.2006 9:26:37 AM
Guest
by the way it is more simple to change the network id on the internal interface of sonicwall, so in this way you will have to make little changes: on the sonic internal interface, on ISA external interface, and maybe some rules on your sonicwall. in this way your internal network will be less affected.
so that means i would actually have 2 gateways? the clients use the gateway of ISA server (which is the ISA Internal NIC IP) and ISA External NIC connects to sonicwall gateway?
- So to make this happen correctly (and easily), i should change the ISA Internal NIC IP to 192.168.2.101 (so clients wouldn't notice the gateway change).
- Then change sonicwall Internal IP to something on a different subnet (like 192.168.1.101)
- Then change the ISA External NIC IP to the new gateway (192.168.1.101)
- Then change any policies and what not in sonicwall to reflect the subnet change.
Did I miss anything?
thanks, 10
< Message edited by x102020 -- 30.Oct.2006 9:42:04 AM >
RE: DHCP External to ISA for Internal LAN - 30.Oct.2006 9:48:15 AM
Guest
something like that except that ISA external interface:
ip address 192.168.1.102
dg: 192.168.1.101 (the sonicwall ip address from internal interface)
dns: none
also with ISA now in place your clients are using it as a proxy server to connect to Internet. so make sure you have the correct settings on them, maybe install FWC on them and use it alone (clients will use only FWC to connect to the Internet,....) or in combination with proxy. for the proxy it is better to use the "automatically configuration script". take a closer look here:
http://www.isaserver.org/articles/ISA2004_ClientAutoConfig.html
http://blogs.isaserver.org/pouseele/2006/05/21/a-different-look-at-the-isa-clients/
< Message edited by adrian_dimcev -- 30.Oct.2006 10:45:52 AM >
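The addressing plan agreed in the posts above can be checked mechanically before any NIC is changed. The following is an added example, not part of any post in this thread: it verifies that the two ISA NICs sit in different subnets, that the default gateway on the external NIC is the SonicWALL LAN address, and that clients point at the ISA internal NIC. The /24 masks, the `BROKEN` layout and the function name are assumptions; the client address is the Exchange server's, mentioned later in the thread.

```python
import ipaddress

# Final plan from the thread. The /24 masks are an assumption: no post states a mask.
PLAN = {"sonicwall_lan": "192.168.1.101/24",
        "isa_external": "192.168.1.102/24",
        "isa_internal": "192.168.2.101/24",
        "isa_default_gw": "192.168.1.101",   # set on the external NIC only
        "client": "192.168.2.11/24",         # Exchange server, named later in the thread
        "client_gw": "192.168.2.101"}

# Constructed "before" layout: both ISA NICs in 192.168.2.0/24 (addresses invented).
BROKEN = dict(PLAN, sonicwall_lan="192.168.2.1/24", isa_external="192.168.2.102/24",
              isa_default_gw="192.168.2.1")

def check_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    ext = ipaddress.ip_interface(plan["isa_external"])
    internal = ipaddress.ip_interface(plan["isa_internal"])
    sonic = ipaddress.ip_interface(plan["sonicwall_lan"])
    client = ipaddress.ip_interface(plan["client"])
    gw = ipaddress.ip_address(plan["isa_default_gw"])
    client_gw = ipaddress.ip_address(plan["client_gw"])
    problems = []
    # A routed (non-bridging) firewall needs each NIC in its own subnet.
    if ext.network.overlaps(internal.network):
        problems.append(f"ISA NICs share a subnet: {ext.network} / {internal.network}")
    # The single default gateway must be reachable directly from the external NIC.
    if gw not in ext.network:
        problems.append(f"default gateway {gw} is not on-link for the external NIC")
    if gw != sonic.ip:
        problems.append(f"default gateway {gw} is not the SonicWALL LAN address")
    # Clients stay in the internal subnet and use the ISA internal NIC as gateway.
    if client.network != internal.network:
        problems.append(f"client {client.ip} is outside the ISA internal subnet")
    if client_gw != internal.ip:
        problems.append(f"client gateway {client_gw} is not the ISA internal NIC")
    return problems

if __name__ == "__main__":
    for name, plan in (("thread plan", PLAN), ("constructed before", BROKEN)):
        print(name, "->", check_plan(plan) or "consistent")
```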
sweet, I have working internet!! thanks a ton for all the help, if there's anything I can do to repay you, lemme know :)
Now, I still have a few issues I need to get resolved concerning ISA.
1. We have an exchange server, it is now sending outbound emails, but inbound emails don't come in, is there something in nat in ISA i have to open aside from smtp?
RE: DHCP External to ISA for Internal LAN - 31.Oct.2006 3:27:12 AM
Guest
Great! to set the proxy settings on clients an easy way to do this is to use a gpo. another way, if you have installed the FWC client, is to enable this option on ISA, with the FWC set to automatically configure your browser settings. To allow the mail server you need this time to use the publish rules, not the access rules. you need to use the publish rules because you have a nat relationship between your networks (I guess external and internal if you did not put your exchange server in dmz). also make sure you are permitting on your sonicwall the inbound mail connection to be forwarded to ISA.
I've published the server and the necessary protocols.
I see the smtp packets (in sonicwall) being dropped, they are trying to access the exchange server directly?
I have an smtp relay server setup on ISA (so the exchange passes to the ISA server, because we have our spam control on there), but it's not active yet.
*edit, found the nat policy in sonicwall that is WAN > LAN for the exchange (but it's still being dropped?), so I guess I'll need to apply the smtp relay.
Now for the nat policy, should it be pointing to the Ext ISA NIC or Int ISA NIC for smtp?
< Message edited by x102020 -- 31.Oct.2006 8:33:11 AM >
RE: DHCP External to ISA for Internal LAN - 31.Oct.2006 9:24:42 AM
Guest
As I said you have to allow inbound connection on your sonicwall. I don't know how you configure your sonicwall to do this 'cause I haven't worked with sonicwalls. a simple way to do it probably will be to use the dmz interface on the sonicwall rather than its lan interface for the connection between it and ISA external interface. for beginning allow all incoming connection on it to the ISA external interface? don't install your mail server on ISA.
http://www.isaserver.org/tutorials/Publishing_A_Mail_Server_With_ISA_Server.html
hmmm, read through all that, didn't seem to be the answer, I checked my IIS again, that's all pointing fine.
What we have set up is an inbound & outbound smtp relay. The inbound is great, but every time I try to set up the outbound, it sends, but doesn't arrive where it should.
Pretty sure its a nat policy.
The exchange server (192.168.2.11) needs to be allowed >> to >> internal or external ISA NIC? I'm seeing it being blocked in ISA monitor, looks like its internal?
I checked the nat policies in sonicwall for inbound/outbound emails, they are routing fine, so ISA is the problem.
just need to confirm though.
thx, 10
< Message edited by x102020 -- 31.Oct.2006 10:51:36 AM >
had to setup inbound (which was done already), relay rules, and outbound rules. As well as create another network for the sonicwall (didn't like it being on a different subnet).
Now that that's going good, I'm gunna search the forums for the other answer, because I know I've seen it in here before. I think I'm going to write a tutorial on sonicwall for this because there is ZIP on there... :(
well strange things are happening with my outbound smtp relay. I followed the tutorial for a 2nd time (based on isa 2004). I changed the system policy to send to External as well, it sent out the emails that were on the server from a few hours back, but nothing new, and then it doesn't seem to send anything now. I see it sending ok in the event viewer (it relays fine and sends to the wan partially ok). I get an e21 error (I'll report the whole error code tomorrow). the smtp relay is bound to both ext. and int. IPs of ISA. I'm confused.
*edit: The error code I get is: 0x80074e21 fwx_e_abortive_shutdown
First I get the Error Success, then the Abortive Shutdown, and I don't get the outbound emails on the other end..
any ideas?
thx, 10
< Message edited by x102020 -- 1.Nov.2006 8:57:22 AM >
RE: DHCP External to ISA for Internal LAN - 1.Nov.2006 8:56:46 AM
Guest
ha, your troubles seem to never end. now it is working, now it is not. now i have outbound connection but not inbound. now both. now I'm not sure. easy come, easy go.
quote:
hmmm, read through all that, didn't seem to be the answer
well, looks clear to me: you are setting an smtp relay on your ISA probably for inbound and outbound for your exchange server. I'm pretty sure that these articles are very clear and explicit on how to do that.
quote:
1. On the exchange server, when I forward, do I forward to the Internal or External NIC of ISA?
2. On the SMTP relay server (in IIS), do I bind to a) 'all unassigned', b) Internal ISA NIC, or c) External ISA NIC?
3. On the mail publishing, do I need to setup 'server-to-server', or just 'client access'? I know that mail coming in needs to come into the External ISA NIC, but what about outgoing email? Internal or External?
all the answers are in those articles.
quote:
*edit, found the nat policy in sonicwall that is WAN > LAN for the exchange (but it's still being dropped?), so I guess I'll need to apply the smtp relay.
easy, my friend, easy. one at a time. You have already enabled smtp relay on ISA. I don't know how this smtp relay works on sonicwall, but since you have enabled it on ISA then on your sonic you need to do port forwarding. if you want a better smtp relay, one of those articles discusses this problem too.
quote:
As well as create another network for the sonicwall (didn't like it being on a different subnet).
ha, this looks like trouble to me.
< Message edited by adrian_dimcev -- 1.Nov.2006 8:58:20 AM >