Welcome to ISAserver.org

RE: SECURENAT where are you ?

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2000 Firewall] >> SecureNAT Client >> RE: SECURENAT where are you ?

Page: << < prev 1 [2]

Message

<< Older Topic Newer Topic >>

RE: SECURENAT where are you ? - 2.Aug.2002 1:20:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi Neo,

to enable the forwarders in your DNS configuration, check out http://www.isaserver.org/pages/articles.asp?art=54 . You put in there the IP addresses of your providers DNS servers.

The packet filters you need are:
1) make sure the predefined DNS filter is enabled.
2) create a new custom one very simular as the predefined DNS filter, but use instead IP protocol = TCP and Direction = Outbound.

To test the configuration, from the SecureNAT client do a nslookup for an external name. If it still doesn't work, check out the IP packet filter log to find out what is being blocked.

BTW --- yep, I'm from the Dutch speaking part of Belgium. However, I must admit that my English is far better then my French. [Big Grin]

HTH,
Stefaan

(in reply to neo_mat)

Post #: 21

Featured Links*

RE: SECURENAT where are you ? - 4.Aug.2002 12:22:00 PM

neo_mat

Posts: 14
Joined: 3.Jul.2002
Status: offline

out http://www.isaserver.org/pages/articles.asp?art=54
Configuring the DNS Server to use a Forwarder, i cannot enable this sreen ! (fowarder is disable)

it still doesn't work, check out the IP packet filter log to find out what is being blocked.
I have check it and all is ALLOWED Dialout and i have just put 1 pc with a cross wire and my ip is 192.168.0.1 and the only client is 192.168.0.2 and i cannot find it's adress in the log file.

(in reply to neo_mat)

Post #: 22

RE: SECURENAT where are you ? - 4.Aug.2002 3:01:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi Neo,

your DNS server is probably configured as a DNS root server. Remove the root zone (displayed as '.') and the forwarders tab should become available.

Also, keep in mind that by default ISA is logging only denied packets in the IP Packet Filter log. For testing purposes, you can change that behaviour in the IP Packer Filters properties.

BTW --- I'm going now on vacation. If you need further assistance, I hope somebody else will drop-in.

HTH,
Stefaan

(in reply to neo_mat)

Post #: 23

RE: SECURENAT where are you ? - 7.Aug.2002 7:09:00 PM

neo_mat

Posts: 14
Joined: 3.Jul.2002
Status: offline

OK I have do all and nslookup work on my clients !
They can resolve external adresses:

nslookup www.google.fr
Serveur�: myserver.domaine.microsoft.com
Address: 192.168.0.1

R'ponse ne faisant pas autorit'�:
Nom�: www.google.com
Address: 216.239.51.101
Aliases: www.google.fr

But they cannot ping , they find the adresse but there is not responce.
And the more important i cannot go on the Internet
THANKS

(in reply to neo_mat)

Post #: 24

RE: SECURENAT where are you ? - 10.Aug.2002 4:02:00 AM

tshinder

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi neo,

You need to enable IP Routing on the ISA Server and then make the clients SecureNAT clients.

HTH,
Tom

(in reply to neo_mat)

Post #: 25

RE: SECURENAT where are you ? - 17.Aug.2002 9:09:00 AM

neo_mat

Posts: 14
Joined: 3.Jul.2002
Status: offline

Ip routing is already enable and clients are configured as securenat clients.

In fact i think the problem is not specific to ISA server , i have try 3 product which allow NAT , Sygate,winroute, and last wingate.I have spend a long time to follow the differents tutorial and i arrive on the same result.
clients can resolve internal and external sever but there no respond for the ping (the time is exeded),when you try IE6, he find the adrees IP and he make a long time to try to dyspaly the page but 2 minutes he failed to open the page.

For example, just after the install of wingate (and after the first reboot) wingate is first configured to allow NAT and the dhcp is enable with the right fonctions.
on the history i can see request for clients in order to give an ip(dhcp) and the differents page request.

In order to test the differents software , i have try my "servers" with 98 , 2000 and XP

and my clients are XP or 2000.

thanks.

(in reply to neo_mat)

Post #: 26

RE: SECURENAT where are you ? - 17.Aug.2002 11:44:00 AM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi Neo,

you are confusing me! What has Sygate, Winroute, and Wingate to do with ISA? [Confused]

Do you have a clean ISA installation? What type of ISP connection do you have?

HTH,
Stefaan

(in reply to neo_mat)

Post #: 27

RE: SECURENAT where are you ? - 19.Aug.2002 8:34:00 AM

neo_mat

Posts: 14
Joined: 3.Jul.2002
Status: offline

Yes i have a clean install of ISA.

Winroute, sygate, wingate are just little software with NAT,firewall possibility.
Don't be affraid ISA is not installed with the others softwares and ICS enable.

In fact i have ghost image (backup)!

Do you understand , and what i have try is another software which allow NAT also.
And in fact i have discovered that it's not a probleme with ISA but it's my PC (all software don't want to do NAT).
My PC cannot do NAT i don't know why, i have try on another PC and the NAT work(with wingate) i will take the time to install Win 2000 and ISA on the same PC and will try secureNAT.

My provider is wanadoo.

(in reply to neo_mat)

Post #: 28

RE: SECURENAT where are you ? - 19.Aug.2002 8:33:00 PM