Re: pinging wrong ip address

  • From: "Mark Hippenstiel" <M.Hippenstiel@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 27 Oct 2003 22:27:59 +0100

Sorry if I'm being blatantly ignorant here :) Why exactly is it that DNS
settings shouldn't be made on the external NIC?


> -----Original Message-----
> From: Kincer, Rick [mailto:Rick_Kincer@xxxxxxxxxx] 
> Posted At: Monday, October 27, 2003 10:21 PM
> Posted To: www.isaserver.org
> Conversation: [isalist] Re: pinging wrong ip address
> Subject: [isalist] Re: pinging wrong ip address
> 
> 
> http://www.ISAserver.org
> 
> Hi Tom,
> 
> I agree, it is best not to have DNS settings on the external NIC, I recall
> that from your book and other articles but I thought I'd give the other
> route a whirl...<g>.
> I just read Jim's article again, so with having split DNS servers that I
> could place, on the internal NIC, the inside DNS server IP first and then
> the external DNS server IP second? The external DNS server IP would use a
> 10. address, not the external public address. So I would need to make sure
> the external DNS server IP segment address is in the LAT table to make sure
> ISA still routes local? I've had it set the normal way, the inside NIC set
> to the internal DNS servers for both first and second selection but if there
> is a better way I'm all for trying it.
> 
> 
> And of course once we switch the domain from NT to AD I'll have to think of
> it all over again...<g>
> 
> Thanks again!!, 
> 
> 
> Rick
> 
>  -----Original Message-----
> From:         Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
> Sent: Tuesday, October 21, 2003 4:52 PM
> To:   [ISAserver.org Discussion List]
> Subject:      [isalist] Re: pinging wrong ip address
> 
> Hi Rick,
> 
> Unless you're using a dial up connection, don't set a DNS server on the
> external interface.
> 
> HTH,
> Tom
> 
> Thomas W Shinder
> www.isaserver.org/shinder 
> ISA Server and Beyond: http://tinyurl.com/1jq1
> Configuring ISA Server: http://tinyurl.com/1llp
> 
>  
> 
> 
> -----Original Message-----
> From: Kincer, Rick [mailto:Rick_Kincer@xxxxxxxxxx] 
> Sent: Tuesday, October 21, 2003 2:07 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: pinging wrong ip address
> 
> 
> Jim,
> 
> Thank you for the direction, I've been working on something similar. One
> question though, there's always that one question.....
> 
> Let's say we have a public website "www.our_domain.com" but we want our users
> to use the internal 10. IP addresses to get to the website and bypass proxy.
> We set the IE clients to "Bypass proxy for local addresses" and in the
> advanced we specify "10.*; our_domain.com". This will ensure that the
> internal users get routed directly to the internal server without going
> through ISA.
> 
> Now for the rub......If I were to set the DNS as you mentioned in the
> article "Configuring DNS Settings" on that great website www.isaserver.org,
> being that the internal NIC is set for the internal DNS server and the
> outside NIC is set for the outside DNS server, would it cause a problem if:
> 
> 1) The users deselected the "Bypass proxy for local addresses".
> 2) The users go to the ourdomain.com website.
> 3) The internal DNS is off line.
> 4) The external DNS server is used to resolve the name.
> 5) The users receive the external IP, which ISA sees as external, to get to
> the website.
> 
> Wouldn't that just send the user through the ISA server? Possibly causing a
> problem with authentication?
> 
> 
> Don't laugh, I really have to field this question....
> 
> 
> Thank you,
> 
> Rick
> 
> 
>  -----Original Message-----
> From:         Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
> Sent: Tuesday, October 21, 2003 8:52 AM
> To:   [ISAserver.org Discussion List]
> Subject:      [isalist] Re: pinging wrong ip address
> 
> Stop / restart the Firewall service.
> The FW and Web Proxy services maintain their own DNS caches and these
> maintain entries for ~6 hours.
> Take a read in the client articles I left on www.isserver.org; it's much too
> detailed for an email posting.
> 
>   Jim Harrison
>   MCP(NT4, W2K), A+, Network+, PCG
>   http://isaserver.org/Jim_Harrison/
>   http://isatools.org
>   Read the help / books / articles!
> 
> 
> On Tue, 21 Oct 2003 13:05:15 +0200
>  "Luqman Achmat" <luqman@xxxxxxxxx> wrote:
> 
> Hi everyone
> 
> A service provider recently changed their ip address of a telnet server
> outside of our network and since then I cannot connect/telnet to this
> server.
>
> Problem - With my MS firewall client enabled: When I do an nslookup of
> the dns name, I get the correct resolution to ip address. But when I do
> a ping of the dns name, it still tries to ping the OLD ip address.
>
> Any ideas why the ping would still try and ping the old ip address with
> my FWClient enabled?
> 
> Luq
> 
> p.s. With my MS firewall client disabled: When I do an nslookup of the
> dns name, I get the correct resolution to ip address. When I do a ping
> of the dns name, it pings the correct ip address.
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe send a blank email to 
> $subst('Email.Unsub')
> 
> 

