I need some help, I want to connect to a pop3 server outside my isa firewall, I setup a pop3 protocol rule, and can connect to the pop3 server using the IP, but not the name of the server. I would like to connect using the name, and would like to find out how to do this, I would also like to use name resolution for other activities like ping etc... and assume if I can fix it for one I'll fix it for all! :)
The problem is that I cannot get name resolution on pc's other than the ISA server to work. Everything works if I use IP's, but not FQDN. Any ideas of what I should do?
> I need some help, I want to connect to a pop3 server outside my isa > firewall, I setup a pop3 protocol rule, and can connect to the pop3 server > using the IP, but not the name of the server. I would like to connect using > the name, and would like to find out how to do this, I would also like to > use name resolution for other activities like ping etc... and assume if I > can fix it for one I'll fix it for all! :)
Hi, Pieter. I'm afraid I cannot help you directly without knowing a little more on your configuration, but I'll give you some general guidelines:
first of all, be very careful about detailing your network configuration on a newsgroup. Hackers are out there looking for such info and will use it to destroy you.
I guess you don't have an internal DNS server and using the one your ISP has assigned to you. So the ISA server knows who's his DNS and can query it, but your clients cannot do the same. In general, it's a good idea to have an internal DNS server, but if you're not familiar with the technology, it might put you in danger. If you DO have an internal DNS server, it might not be able to connect to his forwarder or the root DNS servers - you can use the windows utility NSLOOKUP to do some diagnostics. Hope you know how. Basically, if the ISA server is able to see the DNS, then it's supposed to do the name queries for it's clients, but it may be problematic for applications other than IE. If you don't have the ISA Firewall Client installed on the client that you'r testing from, try it - it solves many many problems.
Good luck!
Erez Ben-Ari ISA Server Product Team
Please do not send email directly to this alias. This alias is for newsgroup purposes only. This posting is provided "AS IS" with no warranties, and confers no rights.
> The problem is that I cannot get name resolution on pc's other than the ISA > server to work. Everything works if I use IP's, but not FQDN. Any ideas of > what I should do?
> > I need some help, I want to connect to a pop3 server outside my isa > > firewall, I setup a pop3 protocol rule, and can connect to the pop3 server > > using the IP, but not the name of the server. I would like to connect > using > > the name, and would like to find out how to do this, I would also like to > > use name resolution for other activities like ping etc... and assume if I > > can fix it for one I'll fix it for all! :)
Generally, ISA should be doing the name resolution automatically. The clients do not even have to have a DNS setting, as I understand it. Just point them at the default gateway and make sure that ISA's external interface is getting the correct DNS setting (you already said it could resolve names) and you should be done. Firewall clients do not need even a default gateway setting. If you have an internal DNS then internal clients should be pointed to it *only* (no using the external address as a secondary DNS) and it should be configured with forwarders pointing to the external DNS address. -- JB Fields of JB Fields & Associates, LLC MCT, CTT+, MCSE, A+ jbfie...@msn.com www.jbfields3.com "So, everything in the world is a metaphor for something else?"--el Postino
> The problem is that I cannot get name resolution on pc's other than the ISA > server to work. Everything works if I use IP's, but not FQDN. Any ideas of > what I should do?
> > I need some help, I want to connect to a pop3 server outside my isa > > firewall, I setup a pop3 protocol rule, and can connect to the pop3 server > > using the IP, but not the name of the server. I would like to connect > using > > the name, and would like to find out how to do this, I would also like to > > use name resolution for other activities like ping etc... and assume if I > > can fix it for one I'll fix it for all! :)
Thanks for the response, I've been able to get everything to work by setting up my workstations with SecureNAT, ie setting the Default Gateway to the ISA internal NIC ip and using the ISP DNS servers on my workstation NIC's, this makes everything work for me!
> The problem is that I cannot get name resolution on pc's other than the ISA > server to work. Everything works if I use IP's, but not FQDN. Any ideas of > what I should do?
> > I need some help, I want to connect to a pop3 server outside my isa > > firewall, I setup a pop3 protocol rule, and can connect to the pop3 server > > using the IP, but not the name of the server. I would like to connect > using > > the name, and would like to find out how to do this, I would also like to > > use name resolution for other activities like ping etc... and assume if I > > can fix it for one I'll fix it for all! :)
