ISA and Internet Access win2003

I have installed ISA (for testing purpose in the Lab) 2004 on windows 2003 SP1 Desktop (with two NICs).

It is obvoius that I can not access the net after installing ISA (before there was no problem), since there is firewall which is by default denies every thing.

The server by itself, there is no clients,,,,

What I did, I created another rule to enable the server to access the net, but it did not work!!!

i could not figured out where was my mistake.

Thanks

I'm sorry but i fail to understand exactly what you have tried so far.. could you try and be a little more detailed or clear as to what your actions were ?

And could you try and describe your setup a little more clearly. What kind of firewall are you using software or hardware ? can you ping out at all ? whats the output of a netstat on the server ?

Thanks oneMSBi

When we installed ISA, under "Firewall Policy" there is default policy rule under which dnies every thing.

I created this rule without any success
Allow > All Outbound Traffic > From All Networks (and Local Host) > To External > All Users

Did you apply the new rule after you created it? and did you make sure that the order of the rules placed your new rule above the deny rule?

Yes I did.
1- Did I configure the rule in the right way ? may be I have done some mistake which I was not aware of it.

can you make a screen dump and mail to me? or you can have a look at the list of computers that you are allowing. There are wizards that you can also run to allow accass to computers on the local lan side of the ISA server.

What I did I made slight change to the rule

It was:
Allow > All Outbound Traffic > From All Networks (and Local Host) > To External > All Users

The new one is :
Allow > All Outbound Traffic > Local Host > To External and Local Host > All Users

Now it is working.

Do you thing the rule should be like what I have configured ?

The rule you have now is better. The one you had was to open and would be ignored. What you need to do is to define the devices and users that are allowed to access the Internet through the ISA server. Then only allow them. You will find this the best way. If you want to allow only certain resources, you will have to use the granular approach to access.

Now I have got another PC (say A) within the same LAN that ISA server resides, how can I enable that PC A to ping ISA server ?

Allow ICMP protocol responces on the ISA server.

When I want to do selection for the option "This rule applies to", I have got three choices:

1- All outbound traffic
2- Selected protocols
3- All outbound traffic except selected.

Does that mean I have to choose selected protocol and choose the icmp only (I have got two of them ICMP Information Request and ICMP Timestamp) ?

Under option "This rule applies to traffic form these sources" how can I choose only the ip address for PCA ?

Policy => Allow: ICPM (information); ICPM (TimeStamp); PING => FROM/Listener: Internal or protected networks => To: Internal or Protected networks => Condition: All Users

Thanks polarbearsa


Here my confusion, I have got the ISA server with other PCs on LAN ,,,the range of ip addresses for this LAN (PCs and ISA server) are 198.227.164.x (dynamic ip addresses)

1- Now what option I have to choose for the first selection within Wizard window, which is:
"This rule applies to traffic from these sources:"

In my case the bold word "from" should refer to the range of ip addresses belong to the LAN ,,,Am I right ?


2- What option I have to choose for the second selection within Wizard window, which is:
"This rule applies to traffic sent to these destination:"

In my case I think it is the local host which means ISA server itself,,,,Am I right ?

By the way if I have created rule for allowing ping, where should i put this rule ? first one in the list or second ?