• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Rule not working anymore

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> General >> Rule not working anymore Page: [1]
Login
Message << Older Topic   Newer Topic >>
Rule not working anymore - 3.Jan.2012 4:42:30 AM   
Budje

 

Posts: 3
Joined: 3.Jan.2012
Status: offline
I have a strange problem. At home I am using ISA 2006 (on Windows 2003 with DNS, DHCP and AD) for internet sharing for 6 computers. DHCP is pointing the gateway to ISA.
In fact I am a happy user and there normally are no issues I can't resolve.
I like the fact that I can tweak and change a lot of feautures I normally cannot do with a normal router for internet sharing. So this is a home situation, no business solution ;-)

But now I have this strange "problem".
I bought a new D-Link router for use as a wifi-access point (let's call it the Dlink). This Dlink replaces my old 3Com 54g wifi accespoint. For that I disabled on Dlink all router-functions (DNS/DHCP). I setted up my new wifi network with WPA security, no problems.
The notebook I am testing with is now connected with the Dlink. I got the IP from my own DNS server, the gateway is my ISA server. I can ping the server, I can remote control the server. All good...but I don't get any internet anymore as before.

When I start logging @ the ISA server, I can see that all port 80 requests are rejected by a rule I have for my workstation, but this rule is BELOW the rule for my DHCP/wifi range. Let's call this the "other pc's rule". It's rejected because I use a use-dependent rule for the workstation. So well I can understand the rejection, but I cannot understand why my "other's pc rule" isnt working anymore.
The most other computers are using this rule. And to my horror....indeed they also don't have internet anymore! What the heck is going on?

For workaround I created an new rule, just for the notebook....and now this one works as designed. This rule is exactly the same as my "other's pc rule", only now it's for the notebook's IP.
After that I added the IP from my home theatre pc (htpc), and this one is getting internet again, too.

So, I have a workaround...create new rule(s).

But why is my old rule not working anymore? I don't have a clue, to be honest.
Post #: 1
RE: Rule not working anymore - 30.Jan.2012 12:43:48 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Your first mistake was buying a "wireless router" instead of a "wireless access point".  The two are not the same thing.  Disabling all the Layer3 & 4 functionality on the device should make it behave as a regular Access Point but I wouldn't trust that farther than I can throw it.

quote:

the rule for my DHCP/wifi range


The is no wifi range,..and there should not be.  If there is,..than that is the problem.  You only have one IP segment,..only one,...therefore there is no "wifi range".  A Wireless Access Point (WAP) operates at Layers 1 & 2 only,..therefore it has no concept of  "IP#s" which exist at Layer 3.   The IP# you give a WAP is only for management purposes so you can get into the Management Interface to configure the device,...it has no bearing on anything else

_____________________________

Phillip Windell

(in reply to Budje)
Post #: 2
RE: Rule not working anymore - 30.Jan.2012 2:58:27 PM   
Budje

 

Posts: 3
Joined: 3.Jan.2012
Status: offline
Thanks for your reply.

But...it is solved allready.

I made no mistake with the router, it's perfectly functioning as a accesspoint now, I checked this functionality before buying this device, but honestly, I also think that this is possible with almost all standard routers, as long as you disable the DCHP service and of course don not use the WAN port, just one of the 4 LAN ports.

Also, my "DHCP/wifi" rule is just a name for a rule with a range of IP addresses in my LAN that normally are allowed on the internet.

The mistake I made, was that there was also a timetable set on this rule, and this was working perfectly, the rule was not allowed because the time passed at that time.

< Message edited by Budje -- 30.Jan.2012 2:59:35 PM >

(in reply to Budje)
Post #: 3
RE: Rule not working anymore - 30.Jan.2012 3:08:33 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
quote:

ORIGINAL: Budje
I made no mistake with the router, it's perfectly functioning as a accesspoint now, I checked this functionality before buying this device, but honestly, I also think that this is possible with almost all standard routers,


That is true.  It should be the case. But the difference between us is that you trust them to correctly do what their manufacturers claim they will do,....and I do not :-)

quote:


The mistake I made, was that there was also a timetable set on this rule, and this was working perfectly, the rule was not allowed because the time passed at that time.


Ok. Sounds good.

_____________________________

Phillip Windell

(in reply to Budje)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> General >> Rule not working anymore Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts