• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

What type of clients are allowed in non-domain environment

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Installation >> What type of clients are allowed in non-domain environment Page: [1]
Login
Message << Older Topic   Newer Topic >>
What type of clients are allowed in non-domain environment - 14.Sep.2009 10:59:19 PM   
chetton2000

 

Posts: 34
Joined: 12.Apr.2007
Status: offline
Hi,

I am trying to install ISA Server 2004 in a non-domain environment using 2 NICs.  It will be used for public internet (only http/https) access at our company.  I am not able to connect clients to the Internet after installation.  I am pulling IP addresses from it but when I try to connect, I get the following message:

error code 64 host not available

I have been adding the server manually in IE to test the connection.  I have added the rules to allow HTTP/HTTPS traffic from any internal client with all users.  Are web clients allowed in this type of configuration?  I am a little stumped as to why I am not connecting.  We have another ISA Server connected but it is part of the domain and I don't recall having the same issues.  Any help would be appreciated.
Post #: 1
RE: What type of clients are allowed in non-domain envi... - 15.Sep.2009 12:40:12 PM   
richardhicks

 

Posts: 477
Joined: 20.Jan.2009
From: Southern California
Status: offline
Web clients are definitely allowed in this scenario.  I would review your DNS configuration on the firewall and make sure that your network interfaces are configured correctly.  Remember, the default gateway should only be configured on the external network interface.  Static routes are required for communication to remote internal networks.

http://blog.msfirewall.org.uk/2008/06/isa-servers-recommeded-network-card.html

_____________________________

Richard Hicks - Forefront MVP
http://tmgblog.richardhicks.com/
http://directaccess.richardhicks.com/

(in reply to chetton2000)
Post #: 2
RE: What type of clients are allowed in non-domain envi... - 15.Sep.2009 1:19:02 PM   
chetton2000

 

Posts: 34
Joined: 12.Apr.2007
Status: offline
DNS is working on the clients.  I am able to get resolutions when I do a ping.  Ping doesn't go through, but it resolves.  Gateway is on the external interface only.  If I remove ISA Server, I am able to get to the Internet from the machine it was installed on.  ISA has to be blocking something or the clients are not configured correctly...?

(in reply to richardhicks)
Post #: 3
RE: What type of clients are allowed in non-domain envi... - 15.Sep.2009 4:58:29 PM   
chetton2000

 

Posts: 34
Joined: 12.Apr.2007
Status: offline
OK, not really sure what cleared out but now IE seems to be working if I don't put the proxy information in the settings.  So it seems like it is working from a secure NAT perspective.  Shouldn't this work if I put in the proxy settings in IE?

(in reply to chetton2000)
Post #: 4
RE: What type of clients are allowed in non-domain envi... - 15.Sep.2009 5:15:54 PM   
richardhicks

 

Posts: 477
Joined: 20.Jan.2009
From: Southern California
Status: offline
Yes, it definitely should.  You'll probably need to review your network settings in the ISA management console.  Expand the configuration tab and highlight 'networks'. Right-click on your Internal network and choose 'properties'.  Make sure that the address ranges are correct and that your internal domains are listed.  Make sure, of course, the 'web proxy' is enabled too. 

_____________________________

Richard Hicks - Forefront MVP
http://tmgblog.richardhicks.com/
http://directaccess.richardhicks.com/

(in reply to chetton2000)
Post #: 5
RE: What type of clients are allowed in non-domain envi... - 16.Sep.2009 11:46:11 PM   
chetton2000

 

Posts: 34
Joined: 12.Apr.2007
Status: offline
Thanks for the reply.  Yes, I had already checked the network tab and that looks correct.  What domains are you referring to - this server is in a workgroup. 

Admittedly, it has been about 3-4 years since I set up our original ISA Server but isn't the web proxy setting enabled by default?  If not, where is this setting?  Thanks.

(in reply to richardhicks)
Post #: 6
RE: What type of clients are allowed in non-domain envi... - 17.Nov.2009 7:11:04 PM   
chetton2000

 

Posts: 34
Joined: 12.Apr.2007
Status: offline
Finally got back around to this and got it working today. It turns out that it was the antivirus that was installed that was messing it up. Just thought I would post the solution in case anyone else had the same problem.

(in reply to chetton2000)
Post #: 7
RE: What type of clients are allowed in non-domain envi... - 18.Nov.2009 12:00:21 AM   
richardhicks

 

Posts: 477
Joined: 20.Jan.2009
From: Southern California
Status: offline
Ah yes...host-based anti-virus software running on the ISA firewall can easily cause unintended side effects.  Tom calls this 'defense in depth' though. 

http://blogs.isaserver.org/shinder/2009/11/15/new-enlightenment-regarding-host-av-on-isa-and-tmg-firewalls/

(...just having fun with you Tom!)

_____________________________

Richard Hicks - Forefront MVP
http://tmgblog.richardhicks.com/
http://directaccess.richardhicks.com/

(in reply to chetton2000)
Post #: 8
RE: What type of clients are allowed in non-domain envi... - 18.Nov.2009 12:56:31 AM   
chetton2000

 

Posts: 34
Joined: 12.Apr.2007
Status: offline
I call it a headache in this situation but alls well that ends....

(in reply to richardhicks)
Post #: 9
RE: What type of clients are allowed in non-domain envi... - 18.Nov.2009 10:40:48 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
quote:

ORIGINAL: richardhicks

Ah yes...host-based anti-virus software running on the ISA firewall can easily cause unintended side effects.  Tom calls this 'defense in depth' though. 

http://blogs.isaserver.org/shinder/2009/11/15/new-enlightenment-regarding-host-av-on-isa-and-tmg-firewalls/

(...just having fun with you Tom!)




_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to richardhicks)
Post #: 10

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Installation >> What type of clients are allowed in non-domain environment Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts