Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

RE: Anyone can get to the internet

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> General >> RE: Anyone can get to the internet Page: <<   < prev  1 2 3 [4]
Login
Message << Older Topic   Newer Topic >>
RE: Anyone can get to the internet - 24.Jan.2004 7:56:00 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi ralphyost,

are you sure about the results or are there some typo's in! [Confused]
quote:

Ethernet Adapter Internal NIC:
DHCP Enabled: no
IP Address: 102.168.16.2
subnet mask 255.255.255.0
Default Gateway:
DNS Server : 192.168.16.2
Primary WINS Server 192.168.16.2

Ethernet Adapter External NIC Internet:
DHCP Enabled: no
IP Address: 102.168.1.1
subnet mask 255.255.255.0
Default Gateway: 192.168.16.2
DNS Server : 24.40.32.33
Primary WINS Server 192.168.16.2

Result table of ROUTE PRINT (remember that I was on a VPN to obtain this):
Actvie Routes:
NetworkDestination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.2 192.168.1.1 1
68.46.80.6 255.255.255.255 192.168.1.2 192.168.1.1 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.1 192.168.1.1 1
192.168.1.255 255.255.255.255 192.168.1.1 192.168.1.1 1
192.168.16.0 255.255.255.0 192.168.16.2 192.168.16.0 1
192.168.16.11 255.255.255.255 192.168.16.49 192.168.16.49 1 (my VPN)
192.168.16.49 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.16.255 255.255.255.255 192.168.16.2 192.168.16.2 1
224.0.0.0 224.0.0.0 192.168.1.1 192.168.1.1 1
224.0.0.0 224.0.0.0 192.168.16.2 192.168.16.2 1
255.255.255.255 255.255.255.255 192.168.1.1 192.168.1.1 1
Default Gateway 192.168.1.2
Persistent Routes: NONE
Also, are you running a DNS server on ISA itself? Can you still resolve external FQDN's?

BTW --- don't forget that if you want to test through a VPN connection, the VPN client must be a Web Proxy and Firewall client too to get out again. A SecureNAT client is not supported in this configuration.

HTH,
Stefaan

[ January 24, 2004, 08:07 PM: Message edited by: spouseele ]

(in reply to ralphyost)
Post #: 61
RE: Anyone can get to the internet - 24.Jan.2004 8:42:00 PM   
ralphyost

 

Posts: 64
Joined: 3.Dec.2001
From: Linwood, NJ USA
Status: offline 		Hi STefan:
There were two typos, but there were also two entries that are correct.
1. This entry above is CORRECT:
NetworkDestination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.2 192.168.1.1 1
2. The Ip addresses in IPCONFIG/ALL you pointed out were incorrect.
3. Default Gateway at the bottom is correct 192.168.1.2.
Here is the revised data:
Results of ipconfig /all:
Windows 2000 Configuration
Host name: acrmdell
primary DNS: acrm.local
NODE type: hybrid
IP routing enabled: yes
WINS Proxy enabled: no
DNS Suffix Search List: acrm.local

Ethernet Adapter Internal NIC:
DHCP Enabled: no
IP Address: 192.168.16.2
subnet mask 255.255.255.0
Default Gateway:
DNS Server : 192.168.16.2
Primary WINS Server 192.168.16.2

Ethernet Adapter External NIC Internet:
DHCP Enabled: no
IP Address: 192.168.1.1
subnet mask 255.255.255.0
Default Gateway: 192.168.16.2
DNS Server : 24.40.32.33
Primary WINS Server 192.168.16.2

Result table of ROUTE PRINT (remember that I was on a VPN to obtain this):
Actvie Routes:
NetworkDestination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.2 192.168.1.1 1
68.46.80.6 255.255.255.255 192.168.1.2 192.168.1.1 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.1 192.168.1.1 1
192.168.1.255 255.255.255.255 192.168.1.1 192.168.1.1 1
192.168.16.0 255.255.255.0 192.168.16.2 192.168.16.0 1
192.168.16.11 255.255.255.255 192.168.16.49 192.168.16.49 1 (my VPN)
192.168.16.49 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.16.255 255.255.255.255 192.168.16.2 192.168.16.2 1
224.0.0.0 224.0.0.0 192.168.1.1 192.168.1.1 1
224.0.0.0 224.0.0.0 192.168.16.2 192.168.16.2 1
255.255.255.255 255.255.255.255 192.168.1.1 192.168.1.1 1
Default Gateway 192.168.1.2
Persistent Routes: NONE

- content of the LAT:
Only one: 192.168..16.0 to 192.168..16.255

This is a Small Business Server 2000. It has its own DHCP server and DNS server function along with ISA server on the same machine.
Thanks
R.

(in reply to ralphyost)
Post #: 62
RE: Anyone can get to the internet - 24.Jan.2004 9:01:00 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi ralphyost,

I assume there are still some typo's:
- External NIC: Default Gateway: 192.168.16.2
- LAT: 192.168..16.0 to 192.168..16.255 (extra dots)

If the above are typo's then your interface settings and the LAT seems now to be correctly configured!

Next, thoroughly test out the DNS resolving of external FQDN's. Does it work? It is of no use to test further as long a you don't have a stable DNS infrastructure.

Also, do you see any ISA related errors/warnings in the Event log?

HTH,
Stefaan

(in reply to ralphyost)
Post #: 63
RE: Anyone can get to the internet - 24.Jan.2004 9:21:00 PM   
ralphyost

 

Posts: 64
Joined: 3.Dec.2001
From: Linwood, NJ USA
Status: offline 		StefaN:
Good news: Its all working now !
Yes, that was a type. It should have been 192.168.1.2 as you noticed correctly.
When I deleted the extra LAT entries and then tried the internet from the server, it didnt work. After a few minutes, I went back and checked the browser settings on the server. It was not configured to use the proxy. Once I did that, it worked fine.
Then I VPNed into a workstation (I use PCAnwywhere) and logged on LOCALLY, without authenticating to the server. Now I cant get out ! This is what I have been working for.
Thanks !
R.

(in reply to ralphyost)
Post #: 64
RE: Anyone can get to the internet - 24.Jan.2004 9:25:00 PM   
ralphyost

 

Posts: 64
Joined: 3.Dec.2001
From: Linwood, NJ USA
Status: offline 		All:
I want to express my sincere appreciation for all the help you all have provided me in the last week or two. You have helped me not only to solve my ISA Server problem, but also have helped me to learn a lot about some aspects of ISA Server that I would not have otherwise done.

I want you all to know that your kindness and effort has not gone unnoticed. Thank You all.
May the Lord richly bless you, as in Numbers 6:24-26.
Numbers 6:24-26
The LORD bless thee, and keep thee: The LORD make his face shine upon thee, and be gracious unto thee: The LORD lift up his countenance upon thee, and give thee peace.

R.

(in reply to ralphyost)
Post #: 65
RE: Anyone can get to the internet - 24.Jan.2004 10:54:00 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi ralphyost,

very glad to hear you got it working and thanks for the follow up and the nice words! [Smile]

Stefaan

(in reply to ralphyost)
Post #: 66

Page:   <<   < prev  1 2 3 [4] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> General >> RE: Anyone can get to the internet Page: <<   < prev  1 2 3 [4]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts