retreiving email through ISA server

[tosh124]

Hi all,
I am having a problem retreiving email via outlook and ISA server. I have checked the forum and there is another topic similar, but that hasn't really helped. the details are

-the ISA server has it's own seperate box on an existing domain.(192.168.0.2)
-the clients are served via DHCP (DNS server 192.168.0.1. gateway is 192.168.0.2)
-current setup is W2K server with DNS enabled. (192.168.0.1)
-the root "." zone has been removed from forwarding in the DNS tab
-forwarding has been setup on the PDC,
Do I need to set up DNS on the ISA server? It is already integrated into the forest & I thought that was enough. I thought that the BDC server (ISA) should pick up all of the settings from the PDC)

can anyone please offer any guidance?
TIA
Colin

 

[Knutern]

Is your DNS forwarding requests to your ISP's DNS Server? If so, try nslookup from any client to verify it works. Off course, you need to have defined a DNS Lookup rule (Protocol Rule) to allow outgoing DNS Lookups from your internal network.

"Out of the Box" installation of ISA Server will let you use Outlook to gather and send e-mails through ISA Server, i.e. no application filter disables outlook.exe from reaching the internet.

You need to define Protocol Rules for POP3/IMAP (whatever your provider services) for download of message and SMTP for sending messages.

Cheers
Knut Erik

 

[Knutern]

Came to think of it, if you are going to use Outlook on your ISA Server, then you need to define Packet Filters and not protocol rules.

Cheers
Knut Erik

 

[nhidalgo]

You will need to set the client pc's default gateway to the isa servers internal ip address. also make sure you have protocol rules allowing Pop3 and smtp.

Nick

 

[Knutern]

Or use the firewall client and ignore default gateway.

Knut Erik

 

[tosh124]

Hi all,
sorry its taken me so long to respond, but the passcheck on the board wouldn't let me in!

>Is your DNS forwarding requests to your ISP's DNS Server? >If so, try nslookup from any client to verify it works. >Off course, you need to have defined a DNS Lookup rule (Protocol Rule) to allow outgoing DNS Lookups from your internal network.

the forwarding on the tab is set to the IPS DNS server. I did try an nslookup, without success. I haven't set up an ns lookup rule tho. I'll try again later and repost on that one.

>You need to define Protocol Rules for POP3/IMAP (whatever >your provider services) for download of message and SMTP >for sending messages.

I checked the rules and there appears to be one to allow outbound traffic and another to allow inbound traffic on port 80. However both of those are greyed out and will not let me adjust them.

>Came to think of it, if you are going to use Outlook on >your ISA Server, then you need to define Packet Filters >and not protocol rules.

I will not actually be using Outlook on the server, just the clients will need to access their pop boxes remotely.

>You will need to set the client pc's default gateway to >the isa servers internal ip address. also make sure you >have protocol rules allowing Pop3 and smtp.

the clients are set to pick up the gateway (they can all browse the net). Not sure if the rules I mentioned above are all actually working tho. I think I'll re-create them later & then try.

>Or use the firewall client and ignore default gateway.

sorry, I don't follow you on this one. Could you please expand?

many thanks for your suggestions. I will try them all in a couple of hours at home on my test system and re-post later.

thanks again.
regards
Colin

 

[Knutern]

On your internal DNS-Server you have defined a forward address as far as I can see. In order for your DNS-Server to be able to lookup, you need to have a protocol rule which let's DNS Lookup requests go through. Alternatively have nslookup using the ISPs DNS Server and see whether your request goes through - in NSLookup enter "server 1.2.3.4" where 1.2.3.4 is the IP of you ISPs DNS.

Then, create a protocol rule - each outgoing - SMTP, POP3 and/or IMAP.

In order to allow SMTP, POP3, IMAP (outgoing) you do NOT need to creat rules that allow incoming traffic. Incoming on Port 80 (TCP) would be HTTP.

ISA Server comes with a firewall client. If you install the firewall client on client PCs, you don't need to have default gateway entered, since the Firewall client knows either the name or IP of the ISA Server (a name requieres DNS Server or some other means to resolve it).

Cheers
Knut Erik

 

[tosh124]

Hi Knutern,
I have tried as you suggested, without success. That said when I try to view the properties of the rule it gives me the following error message
"this functionality requires to be configured for use with ISA server. The RPC server is unavailable"
when I check the rpc server it has stopped and does so erractically.
any ideas?
thanks
Colin

 

[tosh124]

sorry that should be
"ISA server cannot load the property page"
"this functionality requires to be configured for use with ISA server. The RPC server is unavailable"
thanks
Colin

 

[tosh124]

Hi all,
it appears I have a number of errors. the isa server during config seems to drop out and just close.
the rpc server seems to stop and require a restart without any sort of pattern.
I still cannot ping/nslookup from the client or isa server despite setting a protocol rule one the server to allow everything.
bearing in mind that the isa server is a clean build I somewhat mystified.
can anyone please shed any light on this before I go mad!
TIA
Colin

 

[nhidalgo]

I would uninstall isa. Reinstall your current service pack for windows. The reinstall isa, Isa Service Pack1, and Isa feature pack and then try setting up the protocol rules.

Nick

 

[tosh124]

Hi all,
I think i've found part of the problem. I have contracted the lovsan.a virus, hence the issues with the rpc server. I've almost sorted that out, and will try again tomorrow to uninstall & re-install ISA server and then see what happens (btw I am on SP3).
thanks for your continuing support
kind regards
Colin

 

[tosh124]

Hi all,
finally sussed it!!
Very silly error. The clinets were set the correxct default gateway, however the PDC was set to look at itself!!
ah well we all live and learn!
thanks to everyone for your help
best wishes and a very merry xmas to you all
regards
Colin

 

[12345671]

Can you give me some suggestion to check for my problems? I do need to finish this ISA proxy problem soon, thanks in advance. I am waiting your reply impatiently.

My configuration:

1. win2K server installed with ISA ( integrated mode):
one public IP for Internet connection,
one private ip 192.168.0.1,
DHCP server and DNS server.
DNS is only configured with forwarder function, listen 192.168.0.1 and forward to ISP's DNS

Protocol rule: all open, apply to any request

2.clientnot firewall client)
use 192.168.0.1 as DNS,
IE use proxy server192.168.0.1 and 8080 port.

Internet connection on client works fine no matter the site and content is all open or apply to specific users and groups.

Problem:
Client behind ISA server can not use outlook express to receive email from ourside POP3 server.

Is it related with DNS? but I only set forwarder functions. When I use nslookup,

the message is: cannot find server name for address 192.168.0.1 non-existent domain

Please give me any suggestion. BTW, what is the RPC server, is it related with this?

 

[tosh124]

Hi,
on the face of it your server setup appears correct, much the same as my error!
The RPC is a remote procedure call and it is vital to the net connection (I think it maps the requests to the clients). I checked mine by trying to connect to the net whilst having the windows services open and refreshing the tabs after each attempt. It was just luck that I found the virus though.
In respect of the nslookup, I found that it wasn't really required in this instance as when I rebuilt the server & it didn't work correclty I could still download the mail. No idea why, but that's what happened.

Are you using dhcp? If so what are the settings you are using, both on the client and the scope options?
can you ping

http://www.yahoo.com

from a command box on your client? It will check the forwarding on the DNS server.
Problem is, that I have put the server on the clients network and cannot remember exactly what I did. I'll help as much as I can but...

cheers
Colin

 

[12345671]

Yes, I use DHCP. ISA server is also the DHCP server, whose internal network is 192.168.0.1-192.168.0.254. The client PCs use "dynamically get IP address", but they use the ISA internal interface as DNS.

When I ping

http://www.yahoo.com

from a SecureNAT client, it was time out, but I got the IP address of

http://www.yahoo.com.

One thing is: When the site& content, protocol rules are all open, the secureNAT client can access Internetn can use outlook express to check email from outside POP3 server, can use FTP client to connect other FTP server. But when I chose " sepcific users and groups" in the "apply to" tabs in the site and content, then users has to input theie user names and password to connect to web site, and client can not use FTP and email. Is it ture that only firewall client can use user-based control? For secureNAT client, they can only work with open rule if they want to use FTP and POP3?

The problem for me is that: we want to monitor each users' net useage on our intranet, we have PCs, iMacs. So We can not use firewall client on iMac.

BTW, I scan my ISA sever, didn't find virus.