Can ping from ISA server but not SNAT client - 19.Apr.2002 5:31:00 PM
I can ping external sites from ISA Server but not a SNAT client - client returns timeout.
ISA is in integrated mode I have ticked force packet filtering on array I have ticked enable ip routing in the IP Packet filter properties I have created a packet filter enabling ICMP ping query (Default external, Any, ICMP, Outbound, 8, 0) I have an ping response in filter as well.
Logs The Packet Filter log has the following error: <date>,<time>,SNAT IP,dest IP,ICMP,8,0, BLOCKED Dialout
This seems to imply that the packet filter is preventing the ping leaving the ISA server but I cannot see why. Any ideas?
RE: Can ping from ISA server but not SNAT client - 19.Apr.2002 6:19:00 PM
Thanks for the quick reply. I read the article you pointed to, this seems to concentrate on ensuring that I have enabled ip routing, as noted in my first post this is enabled. So unfortunately I am none the wiser, any other ideas?
you are sure the default packet filters are enabled (see also KB article Q274568)? Have you already checked the Event viewer for errors and warnings? Also, check de LAT and that no default gateway is set on ISA internal interface.
If the ISA packet filter log still shows the packets being blocked, then there must be something wrong with the ICMP packet filters or the ISA setup?
Even I'm facing the similar problem as Mark. I AM able to ping & tracert & NSlookup from ISA box With SNat clients Nslookup is working FINE, however tracert and ping is NOT working on SNat clients. I have tried all the things that have been discussed above in this topic and other topics. Still I fail to figure out what's wrong with the configuration. Also the Application Log in Event viewer on my ISA box shows 14120 error.
Is that why my mail server(Exch 2000) is not able to send and receive mails to and from outside my local network???
on these client machines that you are trying to ping/traceroute from, what is the DNS & gateway pointing at? Make sure the Gateway is the ISA box. You can try the DNS as that as well. I had similar problems when I had the clients configure through a different gateway & not the isa server.
I finally was able to get this working. I re-installed the ISA server and re-cofigured all the Access Policies and filters etc. However the problem I guess was with LAT. I could see a different enteries in the LAT after and before re-installation.