[Wand3r3r]

Tazonline21 I have opened a thread for you since we do not do support via PM
################################################
I' m having the same PING problem again, it was ok for few days but now it has started again.. i can not ping some of the devices !!

i m attaching the complete network diagram and ipconfig /all for the servers so can you please guide me if there is any problem in the configurations.....

and secondly i can't disable the IP Routing on the Application server..

Network Overview:


Drawing1 by tazonline21
Drawing1 by tazonline21, on Flickr

the settings in regedit when i try to disable the IP Routing:

registry by tazonline21

registry by tazonline21, on Flickr

IPCONFIG /ALL results:

Application Server:
Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : hp-server
Primary DNS Suffix . . . . . . . : sew.com
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : sew.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NC7781 Gigabit Server Adapter
Physical Address. . . . . . . . . : 00-18-FE-7B-07-17
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.1

ISA Server:

Windows IP Configuration

Host Name . . . . . . . . . . . . : int
Primary Dns Suffix . . . . . . . : sew.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : sew.com

Ethernet adapter ext:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : CNet PRO200WL PCI Fast Ethernet Adapter
Physical Address. . . . . . . . . : 00-08-A1-6A-1C-E9
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.124
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 84.235.6.55
84.235.57.230

Ethernet adapter int:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-02-E3-57-C6-DF
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.1

Active Directory:

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : ibm-server
Primary DNS Suffix . . . . . . . : sew.com
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : sew.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-02-55-07-15-C8
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.1

and on the Client side "Microsoft Firewall Client for ISA Server" is installed. Some of the users are assigned dynamic IP address through Modem's DHCP while for rest of them static IP address (192.168.1.10 - 192.168.1.50) is used..


What should be the Default Gateway set on the Clients
192.168.1.1(AD) or 192.168.1.2(ISA) ??


DNS on the clients is set to 192.168.1.1


I m really sorry these may be very basic questions but i really dont hav much knowledge abt it, we dont hav an IT expert in our company and i m only doing it as i hav some background in IT, otherwise its not my full time job..

Thanks for the support..

 

[Wand3r3r]

How did your ip addressing get so messed up?

First issue is if you have internet access you can't be getting it thru the ISA server with that ip addressing.

You can never have the same subnet on each side and be able to route. You need a different subnet between the router and isa server like 192.168.2.x

Concerning the application server you should be able to right mouse click on the nic in lan connections and have the choice to undo "share this connection". See if you have that option.

Internally you point dns to the dns server. We would assume that is the AD server not the ISA server. You need to see which is running the DNS server and then point to that ip as dns. It does appear 192.168.1.1 is your dns server.

No proper gateway for the dns server and it can't forward internet related requests.

Why do the two servers have no gateway entry? Understandable why the ISA server internal nic doesn't but the other two servers should have gateway entries

If your ISA server is truely the gateway it would be 192.168.1.2 for all lan clients as well as servers.

Review this guide for ISA. Note nics are North and South and one has public ip and the other private.

Configuring ISA Server Interface Settings.

 

[tazonline21]

@Wand3r3r Thank you very much for the help sir..

so first of all i should change the subnet for the external nic of the isa server.. but actually i just noticed one thing that there are few clients (mainly the GM and managers) who are directly connected to the modem !! please note that i forgot to show in the diagram that there are 2 links in the modem... one link is connecting the modem to the isa server(as shown in the dia.) and the other link is connecting the modem to one of the switches..
so there are few users that are using the internet directly and i really dont know why ! in this case if i change the subnet of the ISA server, so these particular clients wouldnt be able to access the local folders n printers.. so what do u suggest i should do in this case???

 

[Wand3r3r]

I have to assume the modem is a router. They are connected to the router to bypass the ISA filters.

You need to go to one of these "particular" clients and post the results of a ipconfig /all
If they have two nics its not a problem.

It will still come down to you can't use the ISA server with ip being the same on both sides. Simply can't happen. If they don't have two nics they need to stop connecting to the router and go thru the ISA server. You would need to make them a manager group and in ISA grant that group exception to the filter rules so they have full access.

You would need to consult the ISA documentation on how to do that.

I know the ISA server had to have been setup correctly at one point. Who undid the configuration? If its the bosses then why have the ISA server at all? You could just eliminate it completely and give everyone direct internet access. That does pose more risk but your managers are already supplying that risk.

 

[tazonline21]

yes u r absolutely rite but still how come everyone is connected to the internet !!
the clients who are directly connected to the ADSL Modem dont have 2 nics..

i m posting the ipconfig of one of the clients who are connected to internet thru ISA to check how they are connected to internet.. and the configurations in ISA have always been like this..

Windows IP Configuration

Host Name . . . . . . . . . . . . : mail-pc
Primary Dns Suffix . . . . . . . : sew.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : sew.com

Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethe
rnet NIC
Physical Address. . . . . . . . . : 00-0A-CD-09-C4-11
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.69
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.2
DNS Servers . . . . . . . . . . . : 192.168.1.1


should i post any settings from ISA Server??
and if the default gateway is left blank at the clients then is it connected to isa or the modem??

 

[Wand3r3r]

no gateway means no internet or not connected to either

yes post the results of the isa ipconfig /all
I can tell you the ISA server has to be bridged and is not routing nor can ISA work with this config as you can see if you read the isa link I provided.

 

[tazonline21]

Here is the result of ipconfig @ ISA

ISA Server:

Windows IP Configuration

Host Name . . . . . . . . . . . . : int
Primary Dns Suffix . . . . . . . : sew.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : sew.com

Ethernet adapter ext:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : CNet PRO200WL PCI Fast Ethernet Adapter
Physical Address. . . . . . . . . : 00-08-A1-6A-1C-E9
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.124
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 84.235.6.55
84.235.57.230

Ethernet adapter int:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-02-E3-57-C6-DF
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.1


and you are absolutely right.. the ISA can not work with these configs.. but still internet is working for all the clients that are connected thru ISA as well as directly thru modem, and i want to know how they are working even though logically its not possible !!


and secondly there is no "share this connection" option in the NIC of Application Server, for which i need to disable the IP Routing.. and if i disable it thru regedit.. the value of IPEnableRouter is already Zero(0) as shown in the first post...