I've been testing ISA Server in my organization for a few days, and there are some problems and questions that I've found.
First of all, my ISA Server has 2 NICs in the same network, 192.168.100.0/24. The IPs are 192.168.100.4 and 192.168.100.5, both adapters have the gateway set to 192.168.100.1 because they are in the same net, and are registered in DNS with the same hostname.
The Internal network is defined as the range 192.168.100.0-192.168.100.255 without exclusions.
I know that each NIC should be in a different network, but this way... it also works!!
I've installed Firewall Client on all clients, and I've set the gateway on each client to 192.168.100.4, although there are 4 clients that are set to 192.168.100.5 (the other NIC), does it matter? ... and... Do I really need to set the gateway on a computer that has Firewall Client installed? Can I leave it blank???
Periodically ISA begins to notify "Routing(chaining) failure. ISA Server detected a proxy server loop", and some computers lose their Internet connection, then I restart Microsoft Firewall and everything works again for 4 or 5 hours.
What's the cause of the problem? Two NICs in the same subnet? Should I exclude one ISA adapter IP in the Internal network definition? Should all clients point to the same NIC?
Thank you very much elmajdal, that's a very interesting article. I've read and followed all the steps but I can't locate each NIC in a different subnet because it would mean making some important changes in the network and nowadays there's no time, surely we'll make them in a few months, but not for now.
But, with both NICs in the same network it's working!!! OK, it's less secure obviously, but it works... although I wonder if there could be strange behaviors?? unexpected errors?? Hasn't ISA been designed to support that possibility (two NICs - one network)??
And what about setting the gateway on the computers with Firewall Client installed, is it useful???
OK, thanks. I'll try to modify the network topology as soon as possible in order to have both NICs in different networks.
quote:
You can have the 3 different clients
Yes, I know. My choice is Firewall Client, because I need user authentication (SecureNAT is not capable), and I need support for more protocols than http and ftp (web proxy is limited). So, if my ISA Server is in the same subnet as the Firewall Clients, I can omit gateway configuration, can't I?
I wonder about it because when I take a look at the dashboard in ISA Server, and I see the sessions, there are Firewall client sessions, web proxy sessions, and SECURE NAT SESSIONS ALSO!!!! And I wonder if the reason is the gateway of the Firewall Clients, that I have configured to the ISA Server IP.
At this moment I have these sessions: Firewall Client 44, Web proxy 27, SecureNAT 28, and all the computers are Firewall Clients, why SecureNAT sessions???
I understand Web proxy sessions because as you know when Firewall Client is installed, proxy settings in IE are configured automatically, so... Firewall Clients that need Internet browsing are also Web Proxy clients, so
Firewall Client + Internet browsing, implies Web proxy client
So if my choice is to configure each computer as a Firewall Client and the ISA is in the same subnet as the clients, do I need to configure a gateway?????