
Easy ISA?? Converting from NAT to ISA


Bob Staber

Jan 24, 2001, 10:27:24 PM
I am running regular Win2k NAT and I installed ISA on this box and my
clients behind the NAT were no longer able to get out to the Internet. I
went through the configuration of the ISA and tried to "open" it up but to no
avail. I am sure it is something simple but...???? I uninstalled the ISA
and all is well. What am I missing???

Thanks
Bob


Thomas W Shinder

Jan 25, 2001, 1:05:46 AM
A good firewall shouldn't be too easy to configure, or else it might be less
secure :-)

If you want ISA to act like your NAT Server, you'll need to do a couple of
things:

1. Confirm the Site/Content rules allow everybody to access everything.

2. Set up a protocol rule that allows all IP traffic, at all times and
applies to everyone.

3. If you're using a dial-up connection, make sure your routing rules and
firewall chaining are set up to use the dial-up connection, and

4. Make sure you've created the dial-up entry in your Policy Elements.

HTH,

Tom
www.isaserver.org/shinder


"Bob Staber" <bst...@hotmail.com> wrote in message
news:arNb6.329$bC.2...@nntp2.onemain.com...

Rob Macleod

Jan 25, 2001, 4:27:51 AM
You need to remove/disable RRAS unless it is acting as your network router
as well as your internet gateway router.
If you are using it as your network router, remove all the native NAT on RRAS.

"Bob Staber" <bst...@hotmail.com> wrote in message
news:arNb6.329$bC.2...@nntp2.onemain.com...

Bob Staber

Jan 27, 2001, 1:31:38 PM
OK I checked all of the ISA elements and I have it opened up correctly but
since I have a cable modem I don't need a dial up policy. Right???

Bottom line: ISA is "breaking" the RRAS component. As soon as I install ISA
my clients are not getting their DHCP addresses from the NAT.

What do I need to change in NAT (RRAS) after ISA server is installed on it
to provide DHCP addresses to internal clients????

Thanks
Bob
"Thomas W Shinder" <tshi...@hotmail.com> wrote in message
news:#OSlcTphAHA.1280@tkmsftngp04...


Bob Staber

Jan 27, 2001, 1:38:31 PM
Are you talking about removing the native NAT and using the secureNAT????

I think you are onto something because when I install the ISA server DHCP is
no longer being supplied to my internal clients.

"Rob Macleod" <r...@frontpage-webs.net> wrote in message
news:uX7LYErhAHA.1676@tkmsftngp04...

Thomas W Shinder

Jan 27, 2001, 2:32:38 PM
Hi Bob,

Yikes! I completely missed where you said that you were using RRAS NAT! Go
into the RRAS Console and disable the Routing and Remote Access Service. If
ISA Server needs to use components of RRAS, it will start it for you and
configure things such as the virtual interfaces for VPN connections.

After you disable RRAS, restart the Web Proxy and Firewall Services. If that
doesn't work, restart the computer.

HTH,
Tom
www.isaserver.org/shinder


"Bob Staber" <bst...@hotmail.com> wrote in message

news:4sEc6.464$9m.14...@nntp3.onemain.com...

Bob Staber

Jan 27, 2001, 3:28:14 PM
I'll try that now.

Thanks
Thomas


"Thomas W Shinder" <tshi...@hotmail.com> wrote in message

news:e5JHqfJiAHA.1932@tkmsftngp05...

Bob Staber

Jan 27, 2001, 3:52:48 PM
OK I just tried what you said and no go. ;-(((

My clients still are not getting an IP from the box after the ISA is
installed. I disabled the RRAS and restarted the Web proxy and Firewall
services **and** rebooted the box still no IP to clients.

Thanks for your help so far. I feel like I am very close.

Bob
"Thomas W Shinder" <tshi...@hotmail.com> wrote in message

news:e5JHqfJiAHA.1932@tkmsftngp05...

Bob Staber

Jan 27, 2001, 4:05:06 PM
Any suggestions I will be glad to try.

I just tried to enable RRAS and went through the wizard:

1. select "Internet Connection server"
2. Setup a router w/ NAT
3. use the selected connection for internet
4. Enable basic name and address services
5. address assignment range

Still nothing......no IP to clients


"Thomas W Shinder" <tshi...@hotmail.com> wrote in message

news:e5JHqfJiAHA.1932@tkmsftngp05...

Thomas W Shinder

Jan 27, 2001, 4:34:55 PM
After disabling RRAS, you need to configure the Host IP addresses manually,
and install a DHCP Server that is accessible to the DHCP clients. If all the
clients are on the segment, you can just install the DHCP Server on that
segment. If some of the clients are remote to the DHCP Server, enable DHCP
Relay or BootP forwarding.

HTH,

Tom
www.isaserver.org/shinder

"Bob Staber" <bst...@hotmail.com> wrote in message

news:LGGc6.7926$Tb.15...@nntp1.onemain.com...

Bob Staber

Jan 27, 2001, 4:54:37 PM
Weird...

Are you saying ISA is not compatible with the older components of NAT like
the ability to supply a "cut down" version of DHCP to clients?

Now I need to install the full blown DHCP server on this box??? I'll try
that right this second.

Thanks for your help so far

Bob
"Thomas W Shinder" <tshi...@hotmail.com> wrote in message

news:Ogpy#jKiAHA.1436@tkmsftngp02...

Thomas W Shinder

Jan 27, 2001, 9:59:15 PM
Yes. ISA whacks all the components of the RRAS NAT Server, including the
DHCP allocator component. So, you have to install a DHCP Server or manually
configure the IP addressing information.

Tom

"Bob Staber" <bst...@hotmail.com> wrote in message

news:qoHc6.496$9m.15...@nntp3.onemain.com...

Rob Macleod

Jan 28, 2001, 7:08:23 AM
Yes, that's correct.

"Bob Staber" <bst...@hotmail.com> wrote in message

news:EwEc6.466$9m.14...@nntp3.onemain.com...
