Welcome to ISAserver.org
no internet access via ISA 2004
no internet access via ISA 2004 - 26.Jul.2007 8:39:21 PM
|
|
|
orion4
Posts: 5
Joined: 26.Jul.2007
Status: offline
|
Hi guys, I'm having problems with getting internet up and running via ISA 2004 Std Ed, SP3. The domain controller is a W2K3 Std Ed R2, which is running AD and DNS. I've been working on this problem for a week now and I can't seem to figure out why clients are unable to browse the internet, both via secure NAT and web proxy.

This is my setup:

<internet>-------------------<(1)Cisco 877(2)>--------------<(3)ISA(4)>------------<switch>--------<D.C(5)>------<client(6)>

Each number in brackets corresponds to a NIC, and their details are listed below:

(1) - WAN port for Cisco 877: public IP address
(2) - LAN NIC for Cisco 877: IP: 10.80.0.1
(3) - External NIC of ISA: IP: 10.80.0.2/24 D.G: 10.80.0.1 DNS: none
(4) - Internal NIC of ISA: IP: 10.70.0.1/24 D.G: none DNS: 10.70.0.2 [domain controller]
(5) - NIC of domain controller: IP: 10.70.0.2/24 D.G: 10.70.0.1 DNS: 10.70.0.2
(6) - NIC of client PC: IP: 10.70.0.53/24 D.G: 10.70.0.1 [ISA] DNS: 10.70.0.2 [domain controller]

I haven't done too much more, just installed SP1, 2 and 3, with the HTTP fix. I've opened ISA throughout, and allowed any any - opened up. I can only browse from the local-host, not the clients.
|
|
|
|
RE: no internet access via ISA 2004 - 27.Jul.2007 12:27:26 AM
|
|
|
mzakir
Posts: 151
Joined: 2.Apr.2007
Status: offline
|
Hi Orion, please check the link below and configure the same on your ISA box: http://www.elmajdal.net/isaserver/Internal_DNS_Forwarding.aspx I think your problem will resolve... Revert back on the same. Best of luck
_____________________________
Malek Zakir MCP,MCSA:Security,MCSA:Messaging,MCTS,CCNA,DCH
|
|
|
|
RE: no internet access via ISA 2004 - 27.Jul.2007 1:36:58 AM
|
|
|
orion4
Posts: 5
Joined: 26.Jul.2007
Status: offline
|
Hi Malek, I have already set up DNS forwarders and opened the firewall up (open all outbound traffic from internal network).

On the client web browser I get: the page cannot be displayed - cannot find server or DNS error

The weird thing is that it doesn't even give any mention of ISA whatsoever.

I noticed the following error in Alerts:

Alert Information
Description: ISA Server detected routes through the network adapter "Team - Inside" that do not correlate with the network to which this network adapter belongs. When networks are configured correctly, the IP address ranges included in each array-level network must include all IP addresses that are routable through its network adapters according to their routing tables. Otherwise valid packets may be dropped as spoofed. The following ranges are included in the network's IP address ranges but are not routable through any of the network's adapters: 10.70.1.0-10.70.255.255;. Note that this event may be generated once after you add a route, create a remote site network, or configure Network Load Balancing and may be safely ignored if it does not re-occur.

ISA Server detected routes through the network adapter "Team - Outside" that do not correlate with the network to which this network adapter belongs. When networks are configured correctly, the IP address ranges included in each array-level network must include all IP addresses that are routable through its network adapters according to their routing tables. Otherwise valid packets may be dropped as spoofed. The following ranges are included in the network's IP address ranges but are not routable through any of the network's adapters: 10.70.1.0-10.70.255.255;. Note that this event may be generated once after you add a route, create a remote site network, or configure Network Load Balancing and may be safely ignored if it does not re-occur.
_________________________
Team inside is: (4) - Internal NIC of ISA
Team outside is: (3) - External NIC of ISA

The server has dual-port NICs that are teamed. I find it odd that this error shows that team outside is associated with the same network ranges as inside (i.e. 10.70.1.0-10.70.255.255).
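The check behind the alert quoted in the post above is a set difference: addresses in the ISA network definition minus addresses routable through that network's adapter. The following is an added example, not part of the thread and not ISA Server's own code; the adapter subnet comes from the post (NIC 4, 10.70.0.1/24), while the Internal network definition of 10.70.0.0-10.70.255.255 is an assumption, since the thread never shows it.

```python
import ipaddress

# Values for this thread. The adapter subnet is from the post (NIC 4,
# 10.70.0.1/24). The Internal network definition is an ASSUMPTION: the
# thread never shows it; this entry reproduces the range in the alert.
INTERNAL_NETWORK_RANGES = [("10.70.0.0", "10.70.255.255")]
INSIDE_ADAPTER_ROUTES = ["10.70.0.0/24"]


def unroutable_ranges(network_ranges, adapter_routes):
    """Ranges in the network definition that no adapter route covers."""
    remaining = []
    for first, last in network_ranges:
        remaining.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
    for route in map(ipaddress.ip_network, adapter_routes):
        kept = []
        for net in remaining:
            if net.subnet_of(route):
                continue                      # fully routable, drop it
            if route.subnet_of(net):
                kept.extend(net.address_exclude(route))  # carve the route out
            else:
                kept.append(net)              # disjoint, still unroutable
        remaining = kept
    # Merge adjacent CIDR blocks back into first-last ranges, the form
    # used in the alert text.
    merged = []
    for net in sorted(remaining, key=lambda n: int(n.network_address)):
        first, last = int(net.network_address), int(net.broadcast_address)
        if merged and merged[-1][1] + 1 == first:
            merged[-1][1] = last
        else:
            merged.append([first, last])
    return [f"{ipaddress.ip_address(a)}-{ipaddress.ip_address(b)}"
            for a, b in merged]


if __name__ == "__main__":
    print(unroutable_ranges(INTERNAL_NETWORK_RANGES, INSIDE_ADAPTER_ROUTES))
    # Definition narrowed to the adapter's real subnet: nothing left over.
    print(unroutable_ranges([("10.70.0.0", "10.70.0.255")],
                            INSIDE_ADAPTER_ROUTES))
```

An empty result is the state the alert asks for: every address in the network definition is routable through that network's adapter.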
|
|
|
|
RE: no internet access via ISA 2004 - 27.Jul.2007 1:40:43 AM
|
|
|
orion4
Posts: 5
Joined: 26.Jul.2007
Status: offline
|
The problem is very weird, I cannot access the internet from all clients internally, but I can from the local host, but I can do DNS lookups and trace routes are successful:

C:\>nslookup google.com
Server: svhq-dc01.domain.com
Address: 10.70.0.2

Non-authoritative answer:
Name: google.com
Addresses: 64.233.167.99, 72.14.207.99, 64.233.187.99
____________________
C:\>tracert google.com

Tracing route to google.com [64.233.167.99] over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms wshq-pxy.domain.com [10.70.0.1]
2 1 ms <1 ms <1 ms 10.80.0.1
3 17 ms 17 ms 17 ms Loopback1.xxx.xxx.xxx.net [165.xxx.xxx.xxx]
4 19 ms * 19 ms 10GigabitEthernet0-1-0-2.xxx-xxx.xxx.xxx.xxx[203.xxx.xxx.1]
5 18 ms 18 ms 18 ms Port-Channel1.pad-gw2.xxx.xxx.net [203.xxx.xxx.29]
6 18 ms 18 ms 17 ms 10GigabitEthernet1-0.xxx-xxx.xxx.reach.com [203.xxx.xxx.46]
7 170 ms 171 ms 171 ms i-0-0.wil-core02.net.reach.com [202.84.144.101]
8 196 ms 177 ms 177 ms i-6-1.wil03.net.reach.com [202.84.251.174]
9 171 ms 184 ms 171 ms Google.peer.wil03.net.reach.com [134.159.62.26]
10 189 ms 189 ms 189 ms 209.85.248.216
11 243 ms 243 ms 244 ms 66.249.95.214
12 239 ms 239 ms 238 ms 66.249.94.135
13 238 ms 248 ms 252 ms 72.14.232.70
14 238 ms 238 ms 238 ms py-in-f99.google.com [64.233.167.99]

Trace complete.
|
|
|
|
RE: no internet access via ISA 2004 - 27.Jul.2007 2:51:15 AM
|
|
|
mzakir
Posts: 151
Joined: 2.Apr.2007
Status: offline
|
Orion, just check as Tarek has suggested.... & revert back for our info..
_____________________________
Malek Zakir MCP,MCSA:Security,MCSA:Messaging,MCTS,CCNA,DCH
|
|
|
|
RE: no internet access via ISA 2004 - 30.Jul.2007 4:17:39 PM
|
|
|
shraneel
Posts: 3
Joined: 12.Jan.2007
Status: offline
|
I had the same problem when I installed Win Server 2k3 SP2 on my R2 box with ISA 2k6. Apparently, I was not able to access as a domain user. If I'm logged on as administrator of the domain, then I could. I removed SP2 from my ISA box. I haven't tried implementing the article suggested by Tarek. I will try as well.

Shraneel
|
|
|
|
RE: no internet access via ISA 2004 - 30.Jul.2007 5:04:05 PM
|
|
|
elmajdal
Posts: 5061
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
|
Hi shraneel, when you do it, please report back if this solved your problem.

Thanks, Tarek
_____________________________
Tarek Majdalani MS Forefront Edge Security MVP Website : http://www.elmajdal.net/ISAServer New Section : http://www.elmajdal.net/Win2k8
|
|
|
|
RE: no internet access via ISA 2004 - 30.Jul.2007 8:22:45 PM
|
|
|
orion4
Posts: 5
Joined: 26.Jul.2007
Status: offline
|
Well, I have solved the problem. I had tried everything, even the registry change as mentioned above, but that still did not work. I re-built the server with SP1 only, and that has fixed the problem. Thanks for your help, much appreciated.
|
|
|
|