• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

No dataflow through client nor server with ISA

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> No dataflow through client nor server with ISA Page: [1]
Login
Message << Older Topic   Newer Topic >>
No dataflow through client nor server with ISA - 3.May2004 1:22:00 PM   
Equinox74

 

Posts: 5
Joined: 3.May2004
From: Australia
Status: offline
Hi there,

I am plagued with problems at the moment trying to get dataflow through my ISA server to the internet. I have setup a server running Windows 2000 with ISA. I have included a basic diagram denoting the WAN / LAN setup (-> means 'goes to')

I have set up the LAT to be 192.168.0.1 - 192.168.0.198

I had it running successfully this morning & received internet access through all the PC's on the network (I have installed the ISA client on each PC & have at this stage setup a single Protocol rule stating all outbound access is allowed at any stage.

I then restarted the 2000 Server machine & now I cannot get any dataflow through the NIC going to the ADSL Router. The router is not set as a DHCP server, so it cant be that playing with the settings. I have spoken with some collegues & they all come out with different answers as to what (if any) the Gateway settings for each NIC need to be.

It is almost like the network card drivers for the NIC going to the ADSL router are corrupted but I have removed & re-installed them to no avail.

Any ideas?
"[Frown]"
(diagram below)

ADSL Router
IP: 192.168.0.200
Subnet Mask: 255.255.255.0

->

Server (Windows 2000 running ISA)
NIC 1 (Goes to ADSL Router)
IP: 192.168.0.199
Subnet Mask: 255.255.255.0
Gateway: 192.168.0.200
Primary DNS: 192.168.0.11
Secondary DNS: 203.12.160.35

->

NIC 2 (Goes to switch)
IP: 192.168.0.199
Subnet Mask: 255.255.255.0
Gateway: 192.168.0.199
Primary DNS: 192.168.0.11
Secondary DNS: 203.12.160.35

->

Switch

->

Domain Controller (win 2003 Enterprise)
IP: 192.168.0.11
Subnet Mask: 255.255.255.0
Gateway: 192.168.0.74
Primary DNS: 192.168.0.11
Secondary DNS: 203.12.160.35

->

PC 1
IP: 192.168.0.10
Subnet Mask: 255.255.255.0
Gateway: 192.168.0.74
Primary DNS: 192.168.0.11
Secondary DNS: 203.12.160.35

->

PC 2
IP: 192.168.0.10
Subnet Mask: 255.255.255.0
Gateway: 192.168.0.74
Primary DNS: 192.168.0.11
Secondary DNS: 203.12.160.35

->

PC 2 (etc)
IP: 192.168.0.10
Subnet Mask: 255.255.255.0
Gateway: 192.168.0.74
Primary DNS: 192.168.0.11
Secondary DNS: 203.12.160.35
Post #: 1
RE: No dataflow through client nor server with ISA - 3.May2004 8:53:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Equinox74,

you seems to have couple of configuration problems!

First of all, the internal and external interface of ISA server *must* be on different Network ID's (or subnets if you like). In your case the internal and external interface belongs to the Network ID 192.168.0.0/24.

Secondly, I see that the default gateway on your internal hosts point to '192.168.0.74' and that's *not* the ISA internal interface (nic2)! So, you should fix that too.

I suggest you also read Jim's excellent article http://www.isaserver.org/tutorials/Configuring_ISA_Server_Interface_Settings.html .

HTH,
Stefaan

(in reply to Equinox74)
Post #: 2
RE: No dataflow through client nor server with ISA - 4.May2004 2:28:00 AM   
Equinox74

 

Posts: 5
Joined: 3.May2004
From: Australia
Status: offline
Thanks for the quick reply Stefaan,

I guess my question is then this:

My router (A Billion 741GE) only has the ability to forward ports on the same IP range as the WAN. For example, I had it previously setup as:

WAN IP Range (ADSL Router & 2000 Server): 10.0.0.*
LAN IP Range (PDC & other internal PC's): 192.168.0.*

Having it setup this way meant I had absolutely no issues with DNS resolution & access to my domain & the internet. But there was one big problem that I am not sure is resolvable.

I wanted to forward ports from the ADSL Router to my internal network, but the modem only gives the option to forward ports on the same IP range. Because my ADSL Router was setup in the 10.0.0.* range, I could only forward to those ports, not to the IP range of my internal network.

Is there a way to do this with ISA?
I apologise if my explanation isnt clear!

Regards,
Equinox

(in reply to Equinox74)
Post #: 3
RE: No dataflow through client nor server with ISA - 4.May2004 10:14:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Equinox,

if I understand your question correctly, you want to allow inbound traffic to some internal hosts for some particular services. In ISA terminology that's called web and server publishing. For more info I suggest you check out the ISA help file first.

Keep in mind that you have to publish a particular service (i.e. SMTP, FTP, WWW) running on an internal host and you can't publish an internal host as such (all possible services).

HTH,
Stefaan

(in reply to Equinox74)
Post #: 4
RE: No dataflow through client nor server with ISA - 24.May2004 12:13:00 PM   
Equinox74

 

Posts: 5
Joined: 3.May2004
From: Australia
Status: offline
Sorry about the delay Spousele, I had to reformat a few PC's!

I have changed the IP ranges (I reformatted every system & started from scratch!)

I have setup the internal IP range on 192.168.1.1 - 192.168.1.252 & the external IP range on 192.168.1.253 - 192.168.1.254

The LAT in ISA has seperated them effectively & I no longer have the issues with only being abl to forward to one range via the ADSL router.

Thanks for all the advice! I do have one more problem, but this probably isnt the forum for the issue.

Regards,
Equinox

(in reply to Equinox74)
Post #: 5
RE: No dataflow through client nor server with ISA - 24.May2004 12:13:00 PM   
Equinox74

 

Posts: 5
Joined: 3.May2004
From: Australia
Status: offline
Sorry about the delay Spousele, I had to reformat a few PC's!

I have changed the IP ranges (I reformatted every system & started from scratch!)

I have setup the internal IP range on 192.168.1.1 - 192.168.1.252 & the external IP range on 192.168.1.253 - 192.168.1.254

The LAT in ISA has seperated them effectively & I no longer have the issues with only being abl to forward to one range via the ADSL router.

Thanks for all the advice! I do have one more problem, but this probably isnt the forum for the issue.

Regards,
Equinox

(in reply to Equinox74)
Post #: 6
RE: No dataflow through client nor server with ISA - 25.May2004 8:18:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Equinox,

I'm sorry, but I think that your configuration is still not valid. Assuming your ISA internal IP is 192.168.1.1 with subnet mask 255.255.255.0 then your ISA external interface still belongs to the same Network ID. Keep in mind that the internal and external interface of ISA server *must* be on different Network ID's (or subnets if you like).

HTH,
Stefaan

(in reply to Equinox74)
Post #: 7
RE: No dataflow through client nor server with ISA - 27.May2004 1:54:00 AM   
Equinox74

 

Posts: 5
Joined: 3.May2004
From: Australia
Status: offline
Hi again Stefaan,

It seems to be working though! I go to GRC.com & try shields up on various ports etc & it all seems to be in stealth mode. I can also access web pages etc with no issues, as I setup an all outbound allow rule under protocol rules.

Could it just be a freak occurance?

Regards,
Equinox

(in reply to Equinox74)
Post #: 8
RE: No dataflow through client nor server with ISA - 30.May2004 4:52:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Equinox,

I can only tell you that, as long as the internal and external interface of ISA server are not on different Network ID's (or subnets), your basic ISA configuration is invalid! So, I suggest you fix that first.

HTH,
Stefaan

(in reply to Equinox74)
Post #: 9

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> No dataflow through client nor server with ISA Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts