I have set up an ISA Server 2006 (ISA) on Win2003 SP1 with the Web Proxy (single network card) template. The sole purpose of this is to control Internet access times for different user groups. The edge of the LAN is protected by a PIX. Another server (XS) hosts Exchange Server 2003. This is dual-homed and has one NIC connecting to the PIX and the other connected to the LAN. At present this server also runs NAT for the rest of the LAN. This works fine and I don't want to mess with it.
The ISA server has been given its default gateway as the internal IP address of XS. Logged in locally one can ping external networks and browse the web from ISA.
I have set up the default firewall rule denying all access from Internal to External. As a start I have configured a firewall rule which allows all users from Internal to access all networks in External at all times.
On a client browser (IE) I tick Automatically detect settings and point the proxy server to the address of ISA.
Nothing doing, the client won't connect. Once I can get this step OK I can configure more sensible rules then disable NAT on XS, but until I can I can't go any further. Grateful for ideas what's wrong.
Thanks for your reply. Yes I saw this TechNet article and tried it (though the concept of internal to internal didn't make much sense to me). Unfortunately I got exactly the same results: no throughput.
From: Amazon, Brazil
Glad it worked.
About ISA Networks model:
Multi-network firewall policy. In single network adapter mode, ISA Server recognizes itself (the Local Host network). Everything else is recognized as the Internal network. There is no concept of an External network. Microsoft Firewall service and application filters operate only in the context of the Local Host network. (ISA Server protects itself no matter what network template is applied.) Because the Firewall service and application filters operate in the context of the Local Host network, you can use access rules to allow non-Web protocols to the ISA Server computer itself.