Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

ISa firewall and a layer 3 switch Extreme

Status
Not open for further replies.
GigaG

GigaG

Technical User
Joined
Aug 28, 2007
Messages
83
Location
US
I have a DNS server and 2 webservers I would like to VLAN off into a layer 3 Extreme switch and vlan another subnet for the workstations. In doing this I thought that the switch would need to be the DG for each vlan doing routing between each other. The other thing is that I am using an ISA firewall which I am guessing wants to be the DG.... but when I set up the workstations to use the switch as default... I can ping everything, but can't get out to the internet.... HELP?

MCP ACA-I CTP
 
Sort by date Sort by votes
Hello GigaG:

I am having an extremely similar problem. Here's the setup:

SBS 2003 R2 Prem w/ ISA 2004 SP3 as EDGE Firewall. The server has 2 NICs, one connected to the Internet, the other is VLANed into 4 adapters: VLAN 10: Wired Clients, VLAN 20: Wireless Clients, VLAN 30: VPN Clients, and VLAN 40: VoIP. All these VLANs are trunked (tagged) to my internal NIC and to a port on the switch--which is a memeber of all 4 VLANs. The VLANs each have some other ports assigned to them on the switch (DELL PowerEdge 5324, which is 802.1q compliant).

Like you, I can ping every single internal network, however, I am unable to get to anything on the Internet. Even weirder, I can get to 'companyweb' the default SBS sharepoint site, but I am unable to get to my WSS3 site at located on the same server (so apparently, I can't resolve things in my own IIS server).

I've narrowed it down to these possibilities: 1) Firewall Access Policies (or Network objects or something) are not configured correctly; 2) System Policies on ISA are not configured correctly; 3) Something is not right with DNS, or 4) 2 & 3 together or all the above!

If anyone else could shed some light on this, it would be greatly appreciated!!

Craig E. Shea
IT Coordinator
TTEC
 
Upvote 0 Downvote
Looks like it's more of a DNS issue. Since you can ping everything, you just can't go to for instance. Check your DNS configuration. I'm having to do the same exact thing. I'll write more when I know more.

Craig E. Shea
IT Coordinator
TTEC
 
Upvote 0 Downvote
See my OP, here:


This was a request for help, but as you read down the post, you will see that my original post has the correct setup. Stupid me had 2 cables crossed (one might wonder if I had some other things crossed... :P hehe).

HTH


Craig E. Shea
IT Coordinator
TTEC
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
1K
Sameer258
Sameer258
Miluis
  • Locked
  • Question Question
How necessary is an antivirus?
Replies
3
Views
562
Rick998
Rick998
Tommy_T
  • Locked
  • Question Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
947
nnaarrnn
nnaarrnn
Nitta84
  • Locked
  • Question Question
navigation slow and tcp syc/ack drop
Replies
0
Views
733
Nitta84
Nitta84
TheFireman2
  • Locked
  • Question Question
Help with Watchguard Firebox M200 setup as a TMG 2010 replacement with ASA 5515 as main firewall
Replies
1
Views
512
hairlessupportmonkey
hairlessupportmonkey

Part and Inventory Search

Sponsor

Back
Top