• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Ping External DNS

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> General >> Ping External DNS Page: [1]
Login
Message << Older Topic   Newer Topic >>
Ping External DNS - 6.Jun.2009 8:00:43 AM   
vimal

 

Posts: 84
Joined: 31.Oct.2007
From: INDIA
Status: offline
Hi all,

I am not able to ping form internal isa cleint to external DNS linke google.com and any other..I am using ISA Firewall Client..what is the reason for it and how to resolve it...

Thanks

_____________________________

Regards,
Vimal Dhiman (MCSA ,ISA Firewall)
http://computerworldhelpline.blogspot.com
Post #: 1
RE: Ping External DNS - 6.Jun.2009 8:35:22 AM   
SteveMoffat

 

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
Have you an access rule allowing ping from that client?

_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to vimal)
Post #: 2
RE: Ping External DNS - 6.Jun.2009 9:36:41 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Hi,

  1. Set your client as a SecureNet client
  2. And then create a rule to allow the Desired/All protocols from Internal/or  this client Only to External/specific domain names > All User


_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to vimal)
Post #: 3
RE: Ping External DNS - 6.Jun.2009 9:46:06 AM   
SteveMoffat

 

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
quote:

ORIGINAL: elmajdal

Hi,
  1. Set your client as a SecureNet client
  2. And then create a rule to allow the Desired/All protocols from Internal/or  this client Only to External/specific domain names > All User




You surprise me Tarek!!! an All protocol rule..great security!!



_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to elmajdal)
Post #: 4
RE: Ping External DNS - 6.Jun.2009 9:50:10 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Hi Steve... continue reading till the End

quote:

ORIGINAL: elmajdal

rule to allow the Desired/All protocols


quote:

   from Internal/or  this client Only


quote:

  to External/specific domain names


quote:

 > All User  




_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to elmajdal)
Post #: 5
RE: Ping External DNS - 6.Jun.2009 10:16:28 AM   
SteveMoffat

 

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
IMHO, it's a very bad habit to get somebody into....

_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to elmajdal)
Post #: 6
RE: Ping External DNS - 8.Jun.2009 9:30:38 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Not as bad as allow all protocols to All Networks

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to SteveMoffat)
Post #: 7
RE: Ping External DNS - 8.Jun.2009 11:01:00 AM   
SteveMoffat

 

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
You "have" stopped doing that I hope!



_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to tshinder)
Post #: 8
RE: Ping External DNS - 16.Jun.2009 3:30:32 AM   
vimal

 

Posts: 84
Joined: 31.Oct.2007
From: INDIA
Status: offline
I have created a rule for all users but still not able to ping .....actually i have a software (RingCentral) on client end it need route to connect it not able to connect. client installed with ISA server firewall client, when i try to ping ringcentral.com its not able to ping not ringcentral.

_____________________________

Regards,
Vimal Dhiman (MCSA ,ISA Firewall)
http://computerworldhelpline.blogspot.com

(in reply to SteveMoffat)
Post #: 9
RE: Ping External DNS - 17.Jun.2009 1:22:14 AM   
richardhicks

 

Posts: 477
Joined: 20.Jan.2009
From: Southern California
Status: offline
The Firewall Client works only with TCP and UDP protocols.  It does not work with IP based protocols or ICMP.  In this case you'll need to make sure that your workstation is configured as a SecureNAT client (your ISA firewall should be the gateway of last resort on your internal network) and that your access rule allowing ICMP is configured to allow 'all users' to access the specific destination(s) you wish to be able to ping.

_____________________________

Richard Hicks - Forefront MVP
http://tmgblog.richardhicks.com/
http://directaccess.richardhicks.com/

(in reply to vimal)
Post #: 10
RE: Ping External DNS - 17.Jun.2009 2:20:13 AM   
guillermo.rodriguez

 

Posts: 12
Joined: 17.Jun.2009
Status: offline
Hi, the only that you need is a simple rule in the firewall.

Just create an access rule:

Allow --- from internal --- to external   --- protocol "icmp" ---- all users.

If you have in DNS the forwarders externals "dns external", no problem, but you need allow ICMP protocol for ping any domain or host.

just create a rule"

So when any user try to ping www.google.com  its must work.


regards!

(in reply to vimal)
Post #: 11
RE: Ping External DNS - 17.Jun.2009 11:05:45 AM   
richardhicks

 

Posts: 477
Joined: 20.Jan.2009
From: Southern California
Status: offline
This all assumes, of course, that your external DNS servers will reply to ICMP echo requests too...

_____________________________

Richard Hicks - Forefront MVP
http://tmgblog.richardhicks.com/
http://directaccess.richardhicks.com/

(in reply to guillermo.rodriguez)
Post #: 12
RE: Ping External DNS - 19.Jun.2009 9:21:51 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Ha! Indeed, not all of them do. :)

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to richardhicks)
Post #: 13
RE: Ping External DNS - 19.Jun.2009 12:05:53 PM   
richardhicks

 

Posts: 477
Joined: 20.Jan.2009
From: Southern California
Status: offline
That little bit of information is often overlooked.  Thought I'd chime in and remind everyone.    Now, if I had a dime for every systems administrator who called me because my ISA 'server' was down because it wasn't responding to pings...

_____________________________

Richard Hicks - Forefront MVP
http://tmgblog.richardhicks.com/
http://directaccess.richardhicks.com/

(in reply to tshinder)
Post #: 14
RE: Ping External DNS - 20.Jun.2009 9:13:05 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline


_____________________________

Thomas W Shinder, M.D.

(in reply to richardhicks)
Post #: 15

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> General >> Ping External DNS Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts