Boy, that was mouthful. OK, lets see what we can do here. 1. Clients should have for DNS and Gateway the ISA server. 2. ISA DNS service Cache only (this is on Windows 2003 right?) with a specified domain forwarder configured to forward your internal domain name to your AD DNS server. 3. ISA DNS service Cache only with forwarders configured to go to your ISP DNS servers. 4. On your Internal AD DNS server, MAKE SURE IT IS NOT ACTING AS GOD! This means make sure it does not have a root domain, which is a period mark in the forward zones. One way you can tell is if you can configure forwarders on that server. If not, it has a root domain. You will have to delete that and restart the DNS service. 5. On your Internal AD DNS server, forwarders should be set up pointing to ISA server. 6. On ISA server, make sure you are allowing DNS Queries from all to all. If after checking all of the preceeding, internal clients still can not access the Internet, (Make sure you are allowing them to access through ISA,) do the following: 1. Point the clients DNS at your Internal AD DNS server. 2. Configure your AD DNS server for forwarders pointing at your ISP DNS servers. 3. Check to see if you can access the internet from your AD DNS servers. I am going to bed shortly, and will be around Saturday off an on. John Tolmachoff Engineer/Consultant/Owner eServices For You -----Original Message----- From: Marvin Cummings [mailto:marvc@xxxxxxxxxxxxx] Sent: Friday, January 30, 2004 9:46 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Post ISA installation WOES...DNS...DNS...dns http://www.ISAserver.org I also changed the scope options to have the clients use the ISA server as their gateway. _____ From: Marvin Cummings [mailto:marvc@xxxxxxxxxxxxx] Sent: Saturday, January 31, 2004 12:38 AM To: [ISAserver.org Discussion List] Subject: [isalist] Post ISA installation WOES...DNS...DNS...dns http://www.ISAserver.org Made it through the quick start guide and either I obviously didn't succeed at following the directions or there's a step missing because for some reason NONE of my internal systems are able to access the internet. I changed the scope options on the DHCP server, which is NOT on the ISA server, to point the clients to the ISA server as the DNS server instead of my internal DNS/AD server, which also points to ISA as the gateway. I connect to my DSL account on the isa server and can only get internet access on the ISA server. My internal clients are unable to ping anything externally. The cache-only server that sits on the ISA server has had the ISP's DNS server IP's as its forwarder and the internal DNS server as it's forwarder with the ISP DNS IP's on the internal DNS server. Is there some other step that needs to be completed in the ISA management console to ensure the internal clients are getting out because it doesn't seem as though they are. Any responses are appreciated. Thanks ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: marvc@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: johnlist@xxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')