Re: Need help preparing for ISA install

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 6 Jan 2004 05:52:10 -0800

You have to remember; nslookup only speaks to one DNS server; if you were to 
"ping bellsouth.net", you'd probably get the correct IP address based on your 
stated IP settings.

When Windows is asked to resolve a name, it uses all of the defined name 
resolvers until either a match is found or a "doesn't exist" is returned.  When 
nslookup is used, it only queries the default name server and stops with that.

Also, ISA in cache mode doesn't support Firewall or SecureNAT clients.  If you 
wnat those, you'll have to reinstall (from add/remove) in either Firewall or 
Integrated mode.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
  ----- Original Message ----- 
  From: Marvin Cummings 
  To: [ISAserver.org Discussion List] 
  Sent: Tuesday, January 06, 2004 00:22
  Subject: [isalist] Need help preparing for ISA install


  http://www.ISAserver.org

  Wondering if I can enlist some help from the list in preparing my network for 
ISA 2000 Ent.? I initially tried to follow the quick-guide and the cache-only 
dns tutorial but ran into some problems getting internet access to my secureNAT 
clients. I found that after installing ISA I had internet access on the server 
without having to configure any rules. I also found that whenever I attempted 
to nslookup external resources I kept getting DNS timeout errors. So before I 
reinstall ISA I want to take a minute and see if I can get DNS properly 
configured before proceeding. As of right now I'm using my linksys with the 
default configuration. I'm using the Configure ISA Server Interface Settings 
tutorial and running into problems after setting up the interfaces as 
suggested: 

  South - Internal Interface first North - External Interface second

  North - External Interface: 

  Uncheck Client for Microsoft Networks & File and Printer Sharing.

  Use the following IP address: 

  IP: 123.123.123.170

  Subnet: 255.255.255.248

  Gateway: 123.123.123.169

  DNS is empty

   

  Click Advanced.

  Click DNS tab: uncheck "Register this connection's.

  Click WINS tab: uncheck "Enable LMHosts lookup

  Select "Disable NetBIOS over TCP/IP

  Click OK

   

  South - Internal Interface: 

  Check Client for Microsoft Networks & File and Printer Sharing.

  Use the following IP address: 

  IP: 192.168.1.50

  Subnet: 255.255.255.0

  Gateway: 0.0.0.0

  DNS: 

  Preferred DNS server: 192.168.1.40 - Internal AD DNS server

   

  Click Advanced.

  Click DNS tab: check "Register this connection's.

  Click WINS tab: uncheck "Enable LMHosts lookup

  Select "Enable NetBIOS over TCP/IP

  Click OK

   

  My internal DNS is configured as follows: 

  Interfaces tab: IP of internal DNS server

  Forwarders tab: IP's of BellSouth DNS servers

  Secure only selected 

   

  Now I create a dial up connection for my DSL account and connect the external 
nic cable to my DSL modem. I'm able to connect to the internet and perform 
nslookup on internal resources, but when I try to nslookup anything external I 
get the following error: 

  > nslookup bellsouth.net or 205.152.37.254

  Server: myserver.mydomain.com

  Address: 192.168.1.40

   

  DNS request timed out.

   Timeout was 2 seconds.

  DNS request timed out. 

   Timeout was 2 seconds. 

  *** Request to myserver.mydomain.com timed-out

  C:\>

  What am I missing here? Prior to this I'm able to nslookup internal and 
external resources. 

  Any responses are appreciated. 

   

   

   

  ------------------------------------------------------
  List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
  ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
  ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
  ------------------------------------------------------
  Other Internet Software Marketing Sites:
  Leading Network Software Directory: http://www.serverfiles.com
  No.1 Exchange Server Resource Site: http://www.msexchange.org
  Windows Security Resource Site: http://www.windowsecurity.com/
  Network Security Library: http://www.secinf.net/
  Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
  ------------------------------------------------------
  You are currently subscribed to this ISAserver.org Discussion List as: 
jim@xxxxxxxxxxxx
  To unsubscribe send a blank email to $subst('Email.Unsub') 

Other related posts: