• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

SecureNAT clients have no external connectivity

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> General >> SecureNAT clients have no external connectivity Page: [1]
Login
Message << Older Topic   Newer Topic >>
SecureNAT clients have no external connectivity - 18.May2009 2:00:50 PM   
brennanmm

 

Posts: 7
Joined: 18.May2009
Status: offline
I've got an ISA 2006 installation and I'm trying to get SecureNAT running properly.  The previous admin never got DNS working correctly, so I know my configuration there needs to be changed (he has different DNS Servers configured on the LAN and WAN interfaces of the ISA, where my understanding is that the LAN intereface should be set to use my Internal servers, and the WAN interface should have no DNS servers listed at all).  The problem is that right now I can't get any connectivity from my SecureNAT clients to the Internet.  Not with Hostnames (which I don't expect until I get the rest of the DNS sorted) or with strictly IP Address based connectivity either.  No PING, no telnet, etc.  Firewall and Proxy Clients are working OK.

My SecureNAT clients are configured with the IP Address of the LAN interface of the ISA as the default gateway.  My ISA Server has Rules that read:

1 --- DNS Outbound --- Allow --- DNS --- (My DNS Servers) --- External --- All Users
2 --- PING Outbound --- Allow --- PING --- (My SecureNAT Clients) --- External --- All Users
etc

When I try to ping or nslookup from my servers, I don't even see an entry in the Live log....like the request isn't happening.

Since I inherited this server, I'm a little afraid that maybe someone messed with the RRAS in the past, other than that I'm not sure what I am doing wrong.  Any advice would be greatly appreciated.

Thanks
Post #: 1
RE: SecureNAT clients have no external connectivity - 18.May2009 4:34:23 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

itīs hard to inherit an enviroment thatīs not well documented.

Back to your problem. I think the problem is not the firewall. Fisrt check those links below:
http://blog.msfirewall.org.uk/2008/06/isa-servers-recommeded-network-card.html
http://www.elmajdal.net/ISAServer/Internal_DNS_Forwarding.aspx

Configure your ISA firewall NICs according to Jasonīs article and configure your internal DNS servers as Tarekīs article.

After that, run nslookup command on some client behind ISA firewall and look for and external domain (i.e. microsoft.com) and check if it returns correct value for this query.

Regards,
Paulo Oliveira.

(in reply to brennanmm)
Post #: 2
RE: SecureNAT clients have no external connectivity - 18.May2009 5:53:44 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Hi,

If you have Windows Server 2003 SP2, then check this KB : http://support.microsoft.com/default.aspx?scid=kb;EN-US;927695

http://support.microsoft.com/kb/948496/

< Message edited by elmajdal -- 18.May2009 5:55:33 PM >


_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to brennanmm)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> General >> SecureNAT clients have no external connectivity Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts