jun1or -> RE: ISA not resolving Hostname (17.Apr.2008 3:46:06 PM)
quote:
ORIGINAL: pwindell

1. Forget Ping. Ping is worthless. The fact that something can't be pinged is meaningless. If you want to test some type of communication, then use the same protocol used in the communication. Want to test http, then use http,...want to test DNS, then use DNS,..want to test Telnet, then use Telnet.

2. Connectivity verifiers are worthless if you create them improperly,...such as using Ping to test something that is not Ping. Forget the Verifiers.

3. Now, let's start from the beginning

A. Uninstall ISA from the Box. Make sure the box uses only the AD/DNS and none other (same way with every other machine on the LAN).

B. Join the box to the Domain. If it is already joined,..then unjoin it and move to a Workgroup,...reboot,...then rejoin it to the Domain. Now we know the Join is a "good" one,...which also proves that the machine is handling DNS correctly. Add or verify the Static Routes to the OS's routing table as we mentioned in previous posts.

C. Install ISA and choose the Single-Nic Cache Server Template

D. Make sure your Firewall,...whatever that may be,...allows the AD/DNS Server to make outbound DNS Queries. The AD/DNS will not use the ISA for this,...DNS does not fall within the "role" of a CERN Compliant Web Proxy (like a single-nic ISA) which only does http, https, read-only ftp, and gopher. Make sure that this same Firewall does not allow outbound http/https/ftp from the Users or they will be able to bypass the ISA by removing the proxy settings from their browser.

E. Create Access Rules for Users
Source: Internal
Destin: Internal (yes, internal)
Protocol: http, https, ftp
Users: <whatever>

F. ISA itself will not be able to browse the Net. It is by default and is on purpose,...intentional

G. ISA's System Policies will allow only the minimum communication with the LAN (the DC) for it to do its job. It will not be able to run around on the Internet or the LAN in the same way as other machines,...it is not supposed to.

If it does not work,...particularly concerning the routing and the Static Routes, then you have not correctly described your LAN Topology Design to us.

Here's some additional information (it says ISA2004, but it is still the same)...

The features and limitations of a single-homed ISA Server 2004 computer
http://support.microsoft.com/kb/838364/en-us
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/single_adapter.mspx

Configuring ISA Server 2004 on a Single Adapter Computer (http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/single_adapter.mspx)

I really appreciate your help on this. Two other questions before I carry out these steps.

1) Do I have to add all the subnets to the routing table before installing (i.e. 192.168.0.0, 192.168.1.0, 10.10.1.0, 10.10.2.0 etc)?

2) What should the default gateway point to? I know you mentioned they should not point to the ISA, should these point to the ISA’s configured gateway (i.e. ISA’s IP 192.168.0.22 Gateway: 192.168.0.254)?

Again, many thanks for your help
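
Point 1 of the quoted advice (test DNS with DNS, not Ping), as an added example that is not part of the original thread: a small Python probe that sends a real A query over UDP/53 and classifies the reply. The server address 192.0.2.53, the test name and all function names are placeholders chosen for this example.

```python
import socket
import struct

def build_query(name: str, qid: int) -> bytes:
    """Encode a standard recursive A/IN query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data: bytes, qid: int) -> tuple:
    """Return (rcode, answer_count); reject anything that is not our reply."""
    if len(data) < 12:
        raise ValueError("short DNS message")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:  # ID must match and QR bit must be set
        raise ValueError("not a response to this query")
    return flags & 0x000F, an

def classify(rcode: int, answers: int) -> str:
    """Turn the header fields into a diagnosis an admin can act on."""
    if rcode == 0:
        return f"OK: {answers} answer record(s)"
    if rcode == 2:
        # SERVFAIL on an Internet name often means the DNS server itself
        # could not complete the lookup, e.g. its outbound queries are blocked.
        return "SERVFAIL: server could not complete the lookup"
    if rcode == 3:
        return "NXDOMAIN: server answered, name does not exist"
    if rcode == 5:
        return "REFUSED: server will not answer this client"
    return f"rcode {rcode}"

def probe_dns(server: str, name: str, timeout: float = 3.0) -> str:
    """Send one A query to `server` and report what came back."""
    qid = 0x1A2B  # fixed ID for the example; randomise it outside a lab
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qid), (server, 53))
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "no reply on UDP/53: filtered, or no DNS service there"
        except OSError as exc:
            return f"send/receive failed: {exc}"
    return classify(*parse_reply(data, qid))

if __name__ == "__main__":
    # 192.0.2.53 is a documentation placeholder; substitute the AD/DNS server.
    print(probe_dns("192.0.2.53", "example.com"))
```

Running it from the ISA box against the AD/DNS server exercises the same path a domain member uses for name resolution, which a successful or failed Ping says nothing about.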