RE: Post ISA installation WOES...DNS...DNS...dns

• From: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Fri, 30 Jan 2004 23:02:39 -0800

Boy, that was mouthful.

 

OK, lets see what we can do here.

 

1.      Clients should have for DNS and Gateway the ISA server.
2.      ISA DNS service Cache only (this is on Windows 2003 right?) with a
specified domain forwarder configured to forward your internal domain name
to your AD DNS server.
3.      ISA DNS service Cache only with forwarders configured to go to your
ISP DNS servers.
4.      On your Internal AD DNS server, MAKE SURE IT IS NOT ACTING AS GOD!
This means make sure it does not have a root domain, which is a period mark
in the forward zones. One way you can tell is if you can configure
forwarders on that server. If not, it has a root domain. You will have to
delete that and restart the DNS service. 
5.      On your Internal AD DNS server, forwarders should be set up pointing
to ISA server.
6.      On ISA server, make sure you are allowing DNS Queries from all to
all.

 

If after checking all of the preceeding, internal clients still can not
access the Internet, (Make sure you are allowing them to access through
ISA,) do the following:

 

1.      Point the clients DNS at your Internal AD DNS server.
2.      Configure your AD DNS server for forwarders pointing at your ISP DNS
servers.
3.      Check to see if you can access the internet from your AD DNS
servers.

 

I am going to bed shortly, and will be around Saturday off an on.

 

John Tolmachoff

Engineer/Consultant/Owner

eServices For You

 

-----Original Message-----
From: Marvin Cummings [mailto:marvc@xxxxxxxxxxxxx] 
Sent: Friday, January 30, 2004 9:46 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Post ISA installation WOES...DNS...DNS...dns

 

http://www.ISAserver.org

I also changed the scope options to have the clients use the ISA server as
their gateway. 

 

  _____  

From: Marvin Cummings [mailto:marvc@xxxxxxxxxxxxx] 
Sent: Saturday, January 31, 2004 12:38 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Post ISA installation WOES...DNS...DNS...dns

 

http://www.ISAserver.org

Made it through the quick start guide and either I obviously didn't succeed
at following the directions or there's a step missing because for some
reason NONE of my internal systems are able to access the internet. I
changed the scope options on the DHCP server, which is NOT on the ISA
server, to point the clients to the ISA server as the DNS server instead of
my internal DNS/AD server, which also points to ISA as the gateway. I
connect to my DSL account on the isa server and can only get internet access
on the ISA server. My internal clients are unable to ping anything
externally. The cache-only server that sits on the ISA server has had the
ISP's DNS server IP's as its forwarder and the internal DNS server as it's
forwarder with the ISP DNS IP's on the internal DNS server. Is there some
other step that needs to be completed in the ISA management console to
ensure the internal clients are getting out because it doesn't seem as
though they are.

 

Any responses are appreciated.

Thanks

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
marvc@xxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
johnlist@xxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

Other related posts:

• » Post ISA installation WOES...DNS...DNS...dns
• » RE: Post ISA installation WOES...DNS...DNS...dns
• » RE: Post ISA installation WOES...DNS...DNS...dns
• » RE: Post ISA installation WOES...DNS...DNS...dns
• » RE: Post ISA installation WOES...DNS...DNS...dns
• » RE: Post ISA installation WOES...DNS...DNS...dns
• » RE: Post ISA installation WOES...DNS...DNS...dns

1. Home
2. isalist
3. Archive
4. 01-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---