• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

All working except SecureNAT

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> Installation and Planning >> All working except SecureNAT Page: [1]
Login
Message << Older Topic   Newer Topic >>
All working except SecureNAT - 13.Dec.2006 6:56:27 AM   
Ben Richardson

 

Posts: 27
Joined: 16.Aug.2002
From: UK
Status: offline
I've installed ISA 2006 evaluation on a test server. Firewall client works, Web proxy client works, but SecureNAT client does not.

DNS on the client is our local DNS server, which has forwarding enabled, and i can successfully ping external stuff. If i change my default gateway to my existing ISA 2000 box i can browse the web f ine.

If anyone can point me in the right direction that would be great!
Post #: 1
RE: All working except SecureNAT - 13.Dec.2006 8:32:54 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
make sure u have an anonymous rule for your Secure Nat clients with an ALL Users condition and to set this rule above authenticated rules.

check this for more : http://www.isaserver.org/articles/ISA2004_AccessRules.html

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to Ben Richardson)
Post #: 2
RE: All working except SecureNAT - 13.Dec.2006 9:57:11 AM   
Ben Richardson

 

Posts: 27
Joined: 16.Aug.2002
From: UK
Status: offline
Thanks Tarek,

Thanks for also for the useful link.

I have a Firewall Policy that allows All traffic - from internal to external networks - for all content types, always and for "All Users". This is my top rule number 1.

I also have a Network rule of a NAT relationship between internal and external networks too. This is at order position 2 beneath the "Local Host Access" network rule which i can't modify.

So looks like everything is set right?


(in reply to elmajdal)
Post #: 3
RE: All working except SecureNAT - 13.Dec.2006 10:49:08 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
In your Internal Network Properties, make sure you dont have the "Require All Users to Authenticated " checked.



till now yes everything looks normal.

are u sure u set your clients default gateway as ur ISA server Internal NIC IP ???

is there anything seperating the clients from ISA server?

< Message edited by elmajdal -- 13.Dec.2006 10:52:45 AM >


_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to Ben Richardson)
Post #: 4
RE: All working except SecureNAT - 14.Dec.2006 3:21:42 AM   
Ben Richardson

 

Posts: 27
Joined: 16.Aug.2002
From: UK
Status: offline
Hi Tarek,

I checked and no, i do not have "Require all users to authenticate" checked. Whilst in there though I noticed i hadn't specified my local domain, which i have now done (but didn't help).

Yes I'm 100% sure I'm setting default gateway to the ISA's internal IP - indeed i can use this IP in the firewall client and it works. Setting the gateway IP to my existing ISA 2000 server works fine, so pretty sure there's nothing wrong client side.

Both server and client are plugged into the same switch so there's nothing strange going on there either.

Unless anyone has any other ideas i may as well trash the OS and start again :-(

(in reply to elmajdal)
Post #: 5
RE: All working except SecureNAT - 18.Dec.2006 7:02:30 AM   
Ben Richardson

 

Posts: 27
Joined: 16.Aug.2002
From: UK
Status: offline
Windows 2003 reinstalled, ISA 2006 back on, now SecureNAT clients work fine - as do Firewall client and proxy clients. Made a note of previous installation's settings and they're exactly the same as what i have now.

None the wiser then but at least all working now - off to make an image before i break it again.

Thanks again for your help Tarek

Ben


(in reply to Ben Richardson)
Post #: 6
RE: All working except SecureNAT - 18.Dec.2006 8:08:38 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Thanks for the follow up.

i Had a call from a friend yesterday , he has your same problem , i will make a visit to his site and check whats the problem. i will update you later with what was going on,

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to Ben Richardson)
Post #: 7
RE: All working except SecureNAT - 19.Jan.2007 5:52:49 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Ok , the problem in my friend's site was he didnt create a rule allowing DNS protocol from his DNS serve to the ISP DNS Server.

he had :

1- created a rule for All Users
2- located this rule above authenticated rules
3- has setup the DGW on the client machines as ISA Internal IP
4- has set up forwarders into his internal DNS server to the ISP DNS Servers
5- but forgot to create the protocol as mentioned above.

i wrote an article for this issue ,if anyone came to this thread and interested, have a look at : Internal DNS Forwarding Through ISA Server 2004/2006

< Message edited by elmajdal -- 19.Jan.2007 6:07:42 PM >


_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to elmajdal)
Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> Installation and Planning >> All working except SecureNAT Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts