Ping from within same LAN to ISA server

**zillah** · 05-21-2006, 05:28 PM

The ISA server that I have got is 2004 with 2 NICs, one of them it unplugged.

With that ISA server I can browse the net, but i am looking to let the PCs with the same LAN for the ISA, to ping the ISA server.

I am doing this test at lab at work.

The ip addresses for the LAN are within the range 198.230.164.x (dynamic through DHCP)

Is there any online resources show me how I can configure that ?

**zillah** · 05-22-2006, 01:08 PM

Any idea, thanks

**ua549** · 05-22-2006, 01:10 PM

Configure what?
Does the ISA server have a connection to the LAN with the other machines?
If so, simply open a CMD window and enter ping <ISA server ip address>.

**zillah** · 05-22-2006, 01:48 PM

Does the ISA server have a connection to the LAN with the other machines?

Yes if course it does.

If so, simply open a CMD window and enter ping <ISA server ip address>.

It did not work. I have tried this before I posted my thread here.

**ua549** · 05-22-2006, 02:40 PM

A little more information other than "it does" and "It did not work." would go a long way toward helping you.

If the server is connected to the other machines, what is the connection doing - print and file sharing? Is the server simply plugged into to LAN and there are no connections?

Do you ping using an ip or FQDN?

What error message do you get when you ping?

Is the ISA server blocking any ports?

If you open Windows Explorer from another PC and enter the ISA server's ip address preceded by 2 wacks, i.e., \\198.230.264.x), do you see the server and its shares? If not, what is the error?

**zillah** · 05-22-2006, 06:33 PM

If the server is connected to the other machines, what is the connection doing - print and file sharing? Is the server simply plugged into to LAN and there are no connections?

I am doing this as a test it is not a real production environment.

I am doing this test at lab at work.

I plugged the ISA server within a LAN at work , to test and implement different tasks with ISA server.

LAN has got public ip addresses (not private ip addresses), when I plugged the server, like any other machine on the LAN has been assigned ip address.

The ISA server can ping any machine on the LAN, but any machine can not ping ISA server

What I am looking for, I am looking to create policy similar to this:

Policy => Allow: ICPM (information); ICPM (TimeStamp); PING => FROM/Listener: Internal or protected networks => To: Internal or Protected networks => Condition: All Users

Here my confusion, I have got the ISA server with other PCs on LAN ,,,the range of ip addresses for this LAN (PCs and ISA server) are 198.227.164.x (dynamic ip addresses)

1- Now what option I have to choose for the first selection within Wizard window, which is:
"This rule applies to traffic from these sources:"

In my case the bold word "from" should refer to the range of ip addresses belong to the LAN ,,,Am I right ?

2- What option I have to choose for the second selection within Wizard window, which is:
"This rule applies to traffic sent to these destination:"

In my case I think it is the local host which means ISA server itself,,,,Am I right ?

Do you ping using an ip or FQDN?

ip address.

What error message do you get when you ping?

I will post it later

If you open Windows Explorer from another PC and enter the ISA server's ip address preceded by 2 wacks, i.e., \\198.230.264.x), do you see the server and its shares? If not, what is the error?

I will check this one as well.

**ua549** · 05-22-2006, 08:39 PM

It sounds like you do not have a route from the private address LAN network to the public address ISA server. If the ISA server only has a public address it cannot communicate with the private address LAN without DNS services between the two networks.

**ampleworks** · 05-23-2006, 10:14 AM

If he's pinging with an IP DNS doesn't mean anything. Likely the router doesn't have a route setup (static or dynamic) to do the private addresses but since the ISA server does have a gateway set, it's able to ping everything else.

**ua549** · 05-23-2006, 11:12 AM

DNS is not a factor in routing. A routing table contains no names, only addresses.
The routing issues are on the PCs not the server.

One can view a routing table by entering route print from a CMD window.

**vertices** · 05-23-2006, 08:01 PM

ISA by default is locked down.

Make an "Access Rule" to allow Ping from "Anywhere" to "Anywhere" for "All Users" just to get basic ping going from other hosts on the network to ISA.

Of course you can substitute "Anywhere" with any network you choose to define. I've suggested "Anywhere" just to make it easier for you to get up and going.

Access Rules are basically ACLs. Publishing Rules are more akin to port forwarding.

This is ISA at it's most basic and I suggest you go to www.isaserver.org to look up some standard deployment docs.

Thread: Ping from within same LAN to ISA server

Thread Tools

Display

Ping from within same LAN to ISA server

Posting Permissions