Comments on: Getting started with Microsoft ISA Server 2006, Part 2: Environment Setup http://www.linglom.com/2009/09/28/getting-started-with-microsoft-isa-server-2006-part-2-environment-setup/ Source of IT knowledge Thu, 09 Feb 2012 17:22:01 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Devinhttp://www.linglom.com/2009/09/28/getting-started-with-microsoft-isa-server-2006-part-2-environment-setup/comment-page-1/#comment-6568 Devin Fri, 18 Jun 2010 04:22:54 +0000 http://www.linglom.com/?p=956#comment-6568 Hakoo, It sounds to me like you have DNS issues primarily because you fixed it by manually specifying external DNS servers on the clients. This isn't correct though and as Linglom stated, the internal dns server should be forwarding the requests externally for the clients. If your servers network adapter is using external ip addresses, then ofcourse you will resolve internet addresses - this isn't correct though. Your server's network adapter should have its own ip address set for the dns server. This sounds a bit counter-intuitive, but I assure you it is standard procedure. This works because the DNS Server configuration should be set forward DNS to root servers (or another up-river dns server). I am somewhat taking a stab in the dark here since I don't actually know your configuration - I'm making some assumptions based off of what you already told us. With all that said - what I described is a fairly standard setup and by no means the be-all-end-all. Your configuration will depend on what you are doing and how you are doing it. There are many, many ways to configure things. Hope that helps, Devin Hakoo,

It sounds to me like you have DNS issues primarily because you fixed it by manually specifying external DNS servers on the clients. This isn’t correct though and as Linglom stated, the internal dns server should be forwarding the requests externally for the clients.

If your servers network adapter is using external ip addresses, then ofcourse you will resolve internet addresses – this isn’t correct though. Your server’s network adapter should have its own ip address set for the dns server. This sounds a bit counter-intuitive, but I assure you it is standard procedure. This works because the DNS Server configuration should be set forward DNS to root servers (or another up-river dns server).

I am somewhat taking a stab in the dark here since I don’t actually know your configuration – I’m making some assumptions based off of what you already told us.

With all that said – what I described is a fairly standard setup and by no means the be-all-end-all. Your configuration will depend on what you are doing and how you are doing it. There are many, many ways to configure things.

Hope that helps,
Devin

]]> By: linglomhttp://www.linglom.com/2009/09/28/getting-started-with-microsoft-isa-server-2006-part-2-environment-setup/comment-page-1/#comment-6567 linglom Fri, 18 Jun 2010 04:06:21 +0000 http://www.linglom.com/?p=956#comment-6567 Hi, Hakoo I think the same as Devin. You need to ensure that your DNS Server is configured to forward queries to external DNS Server or not. Or you may add alternate IP Adddress of the external DNS as you are doing, using DHCP to assign would be easier than manually configure each computer as the same as the sample of this post. Hi, Hakoo
I think the same as Devin. You need to ensure that your DNS Server is configured to forward queries to external DNS Server or not. Or you may add alternate IP Adddress of the external DNS as you are doing, using DHCP to assign would be easier than manually configure each computer as the same as the sample of this post.

]]> By: Hakoohttp://www.linglom.com/2009/09/28/getting-started-with-microsoft-isa-server-2006-part-2-environment-setup/comment-page-1/#comment-6542 Hakoo Wed, 09 Jun 2010 13:09:14 +0000 http://www.linglom.com/?p=956#comment-6542 Hi devin, Thanks for your reply , here my confusion is If my internal dns server configuration is wrong means how it is resolving web sites and other services , trough my ISA Proxy server I can browse successfully . The problem related only for mail receiving trough outlook. when I check outlook status I can see sending is completed and receiving getting failed , The same dns server environment I have experience with my previous Linux based proxy server , it was working fine and users can access email trough outlook .any idea ? Hi devin,
Thanks for your reply , here my confusion is If my internal dns server configuration is wrong means how it is resolving web sites and other services , trough my ISA Proxy server I can browse successfully . The problem related only for mail receiving trough outlook. when I check outlook status I can see sending is completed and receiving getting failed , The same dns server environment I have experience with my previous Linux based proxy server , it was working fine and users can access email trough outlook .any idea ?

]]> By: Devinhttp://www.linglom.com/2009/09/28/getting-started-with-microsoft-isa-server-2006-part-2-environment-setup/comment-page-1/#comment-6541 Devin Wed, 09 Jun 2010 05:14:28 +0000 http://www.linglom.com/?p=956#comment-6541 Hakoo, I'm not sure if I understand correctly, but it sounds like you have your internal DNS setup incorrectly. Your internal DNS server should be forwarding DNS externally and all clients should be using the internal DNS server for resolution. For this reason, the isa server would need to allow dns requests from the dns server internally to send outgoing dns requests. It sounds like you may also allow all outgoing requests from the internal network (this is setup by default in some situations). If this is the case, you shouldn't need to setup another rule. Otherwise, if access is being filtered more stringently, you will need to take care about what rules you setup, and how you set them up. Lastly, I cannot tell entirely, but I think you may be mixing up POP3 with SMTP. If users are receiving via POP3, they should be sending via SMTP. This is a separate rule you will need to take care of (only if you aren't already allowing all outgoing traffic). Hakoo,

I’m not sure if I understand correctly, but it sounds like you have your internal DNS setup incorrectly. Your internal DNS server should be forwarding DNS externally and all clients should be using the internal DNS server for resolution.

For this reason, the isa server would need to allow dns requests from the dns server internally to send outgoing dns requests.

It sounds like you may also allow all outgoing requests from the internal network (this is setup by default in some situations). If this is the case, you shouldn’t need to setup another rule. Otherwise, if access is being filtered more stringently, you will need to take care about what rules you setup, and how you set them up.

Lastly, I cannot tell entirely, but I think you may be mixing up POP3 with SMTP. If users are receiving via POP3, they should be sending via SMTP. This is a separate rule you will need to take care of (only if you aren’t already allowing all outgoing traffic).

]]> By: Hakoohttp://www.linglom.com/2009/09/28/getting-started-with-microsoft-isa-server-2006-part-2-environment-setup/comment-page-1/#comment-6540 Hakoo Wed, 09 Jun 2010 05:04:56 +0000 http://www.linglom.com/?p=956#comment-6540 Hi ling lom , My name is hakoo, working as a system administrator here I have success fully configured ISA 2006 server for my 80 users everything is working fine users can browse properly schedule is working fine my each & every rules are working fine except email receiving issues, even I send email to any person trough outlook without any problem (that mean problem related only sending issues ),let me explain my first email server environment this mail server is hosted in USA Normally we are accessing trough outlook or thunderbird by POP3 . Due to this case I have created new firewall rule for pop3 , in that rule it is allowing for all users internal network to any where full time ,and I have created external DNS lookup rule also but still the same issues , we cannot receive any email from outside trough outlook After my experiment I found that problem related in DNS, for testing purpose we configured on client user side manual IP address and internal DNS server plus alternate DNS server( alternate DNS server I put public DNS server something 4.2.2.2.5) after that I can receive email trough outlook without any problem In this case how we can solve the issues,your great help highly appreciated. With regards Hakoo Hi ling lom ,
My name is hakoo, working as a system administrator here I have success fully configured ISA 2006 server for my 80 users everything is working fine users can browse properly schedule is working fine my each & every rules are working fine except email receiving issues, even I send email to any person trough outlook without any problem (that mean problem related only sending issues ),let me explain my first email server environment this mail server is hosted in USA Normally we are accessing trough outlook or thunderbird by POP3 .
Due to this case I have created new firewall rule for pop3 , in that rule it is allowing for all users internal network to any where full time ,and I have created external DNS lookup rule also but still the same issues , we cannot receive any email from outside trough outlook
After my experiment I found that problem related in DNS, for testing purpose we configured on client user side manual IP address and internal DNS server plus alternate DNS server( alternate DNS server I put public DNS server something 4.2.2.2.5) after that I can receive email trough outlook without any problem In this case how we can solve the issues,your great help highly appreciated.

With regards
Hakoo

]]> By: Jamil Shah Afridihttp://www.linglom.com/2009/09/28/getting-started-with-microsoft-isa-server-2006-part-2-environment-setup/comment-page-1/#comment-6467 Jamil Shah Afridi Wed, 19 May 2010 12:38:42 +0000 http://www.linglom.com/?p=956#comment-6467 Thank you so much for such a nice informative web site. Thank you so much for such a nice informative web site.

]]> By: linglomhttp://www.linglom.com/2009/09/28/getting-started-with-microsoft-isa-server-2006-part-2-environment-setup/comment-page-1/#comment-5856 linglom Thu, 11 Feb 2010 03:32:38 +0000 http://www.linglom.com/?p=956#comment-5856 Hi, Palanikumar Yes, you can install ISA Server 2006 on a server with a NIC card. However, ISA Server can perform as a proxy server only. Hi, Palanikumar
Yes, you can install ISA Server 2006 on a server with a NIC card. However, ISA Server can perform as a proxy server only.

]]> By: Palanikumarhttp://www.linglom.com/2009/09/28/getting-started-with-microsoft-isa-server-2006-part-2-environment-setup/comment-page-1/#comment-5793 Palanikumar Tue, 09 Feb 2010 11:34:24 +0000 http://www.linglom.com/?p=956#comment-5793 Hi, I am just new to this ISA 2006 technology and I want to install ISA2006 server but I have some doubt. can I install ISA 2006 in windows 2003 server with 1 NIC card? Regards, Palanikumar Hi,

I am just new to this ISA 2006 technology and I want to install ISA2006 server but I have some doubt.

can I install ISA 2006 in windows 2003 server with 1 NIC card?

Regards,
Palanikumar

]]> By: linglomhttp://www.linglom.com/2009/09/28/getting-started-with-microsoft-isa-server-2006-part-2-environment-setup/comment-page-1/#comment-4844 linglom Wed, 04 Nov 2009 05:10:28 +0000 http://www.linglom.com/?p=956#comment-4844 Hi, Devin I believe that there are many configuration types to make ISA Server operates. On the example, I want most configurations on the ISA Server as possible and there are few clients on the network so I assume most communication will access to the Internet. Running DNS on ISA Server? I have never try once. I should be suitable in small organization which has limited budget. Hi, Devin
I believe that there are many configuration types to make ISA Server operates. On the example, I want most configurations on the ISA Server as possible and there are few clients on the network so I assume most communication will access to the Internet.

Running DNS on ISA Server? I have never try once. I should be suitable in small organization which has limited budget.

]]> By: Devinhttp://www.linglom.com/2009/09/28/getting-started-with-microsoft-isa-server-2006-part-2-environment-setup/comment-page-1/#comment-4833 Devin Sat, 31 Oct 2009 22:17:40 +0000 http://www.linglom.com/?p=956#comment-4833 Hi LingLom, I'm curious as to why you setup external DNS servers as secondary and tertiary servers on the internal side of the isa server... Wouldn't it be preferable to just relay ALL dns requests to your DC and allow that to use root hints if external resolution is needed? Also, did you experiment at all running DNS directly on the ISA server? I've seen this recommended numerous times for ISA Client routing. Hi LingLom,

I’m curious as to why you setup external DNS servers as secondary and tertiary servers on the internal side of the isa server…

Wouldn’t it be preferable to just relay ALL dns requests to your DC and allow that to use root hints if external resolution is needed?

Also, did you experiment at all running DNS directly on the ISA server? I’ve seen this recommended numerous times for ISA Client routing.

]]>