• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

public ip gets denied

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> General >> public ip gets denied Page: [1]
Login
Message << Older Topic   Newer Topic >>
public ip gets denied - 10.Nov.2006 3:58:46 PM   
prohmann

 

Posts: 21
Joined: 26.Feb.2002
Status: offline
    Since I set up the new ISA 2006 with a dynamic-ip dsl, I am experiencing quite some trouble. Often when the public ip is renewed (provider disconnects every 24 hours), the ISA will no longer use it's private lan-ip to query against my providers dns, but it will use the public wan-ip. In the firewall-log ISA realizes that it is still "localhost" who is trying to query a dns, but it will deny the connection.
This situation is rather annoying, since without the dns-queries the entire internet-access from within the lan will stop.
Does anyone have an idea? With ISA 2004 I never had that problem and I am actually using the same rules (imported from the old configuration).
Post #: 1
RE: public ip gets denied - 12.Nov.2006 11:37:46 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Pro,

Is the internal interface on the top of the interface list?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to prohmann)
Post #: 2
RE: public ip gets denied - 12.Nov.2006 3:14:55 PM   
prohmann

 

Posts: 21
Joined: 26.Feb.2002
Status: offline
quote:

ORIGINAL: tshinder

Hi Pro,

Is the internal interface on the top of the interface list?

Thanks!
Tom


Hi Tom,

yes, the internal interface is on top of the list of the advanced settings in the network connections.
It was the first thing I checked when installing the server. What makes me wonder is, that the strange denying behavior I experience does not occur all the time, but just from time to time. Maybe I should put a router in front of the ISA in order to avoid any problems. But I'd rather love to solve this mystery, rather than changing the configuration.
Could the import of the old ISA 2004-configuration cause the trouble?

(in reply to tshinder)
Post #: 3
RE: public ip gets denied - 14.Nov.2006 9:34:55 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Prohmann,

Is the internal interface configured to use an internal DNS server?

thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to prohmann)
Post #: 4
RE: public ip gets denied - 17.Nov.2006 1:56:21 AM   
prohmann

 

Posts: 21
Joined: 26.Feb.2002
Status: offline
Hi Tom,

the internal interface has the IP of the localhost configured as the DNS. The ISA-server is configured as a DNS-server, forwarding requests for the .local-domain to the domain controller within the lan, while all other requests will be forwarded to the two DNS the ISP provides. Also the DNS on the ISA is configured to listen on the LAN-IP only.
Thanks for giving this matter a thought. I'm really stuck on this one.
Maybe this information might help too: whenever the ISA-server gets into this mode, I can make it work normal again by restarting all ISA-services.

(in reply to tshinder)
Post #: 5
RE: public ip gets denied - 17.Nov.2006 1:01:20 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Prohmann,

If you have the external interface configured to use DHCP for address configuration, you still have the option to 'hard code' the DNS server address. Go ahead and put your DNS server address (the DNS server you want to use for name resolution) on the external interface and see if that fixes things.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to prohmann)
Post #: 6
RE: public ip gets denied - 29.Nov.2006 2:13:05 AM   
prohmann

 

Posts: 21
Joined: 26.Feb.2002
Status: offline
quote:

ORIGINAL: tshinder

Hi Prohmann,

If you have the external interface configured to use DHCP for address configuration, you still have the option to 'hard code' the DNS server address. Go ahead and put your DNS server address (the DNS server you want to use for name resolution) on the external interface and see if that fixes things.

HTH,
Tom


Hi Tom,
I've tried that and for a few days the machine was working without trouble. This morning it happened again. :( I wonder what I do that it behaves like this.

(in reply to tshinder)
Post #: 7
RE: public ip gets denied - 29.Nov.2006 11:40:59 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Pro,

Did the machine somehow receive an external DNS server address? You can do an ipconfig /all to find out.

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to prohmann)
Post #: 8
RE: public ip gets denied - 23.Dec.2006 3:57:59 PM   
prohmann

 

Posts: 21
Joined: 26.Feb.2002
Status: offline
Hi Tom,
I think I've found the source of the problem and I've been able to reproduce it on another system. I've used a DSL-driver called Cfos-Professional. It seems that this messed up the network of the ISA-server regarding it's own public IP, aside from what is configurable in any network configuration accessible under Windows.

Thanks a lot for your help and have a merry X-mas.

Pascal

(in reply to tshinder)
Post #: 9
RE: public ip gets denied - 26.Dec.2006 12:07:02 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Pascal,

Great! I hope you get it working and thanks for the follow up!

Merry Christmas!

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to prohmann)
Post #: 10

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> General >> public ip gets denied Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts