cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
946
Views
0
Helpful
8
Replies

users cannot access internet

adamgibs7
Level 6
Level 6

Hello Dears,

LAN---Core Switch----Firewall---Internet router -----ISP

I want to know how users can go to internet by proxy server??? i have setup a LAN and Internet firewall with a natting for the internal users.Windows team has ISA server (proxy server) ,located in inside network, client workstation has specified a proxy server IP address in internet explorer browser, tools options.

what my understanding is when a users type's a yahoo.com in a browser,the browser looks for the proxy server ip address,the packet comes to default gateway (core switch SVI vlan interface) from there it routes to proxy server address.Proxy server do the lookup and forwards to its default gateway (again core switch SVI) from core switch default route to firewall and the packet is natted and sent out to internet router and so on to the ISP.

Can anybody explain me why the packets are not going to internet.what i m missing.

Cheers

8 Replies 8

paolo bevilacqua
Hall of Fame
Hall of Fame

Is this your first installation of the kind? Have you reviewed in depth all the relevant configuration and made sure they make sense to you ?

Hello Dear,

I know that ISA with 2 LAN cards internal and external are statically natted on firewall,to make internet access for users.But i want to clear my above thought,pls dont Embarrass me and make me understand where my thinking is wrong.

Experts guides students they don't Embarrass.

Your thinking is right, but most likely you have configured something wrong.

Do not worry, this happens often when an end user does the work of a network engineer.

Hopefully you will not be offended by this simple fact, and will not come back with undue statements as before.

Hello Dear,

I have posted for Expert's solution by knowing the mistake,can u make detailed explanation to make better understand of the problem. Nobody in the world is 100% and if so they r then thay have learned in this world.

Detailed explanation for what? How can I possibly know what you did wrong ?

You have not even said which diagnostic steps you took, if any.

Jon Marshall
Hall of Fame
Hall of Fame

Adam

i have setup a LAN and Internet firewall with a natting for the internal users

If the users are pointing to a proxy server then you don't need NAT for internal users, you just need to make sure that the proxy server is setup for NAT.

Have you tested connecting the web on the proxy server itself ie. does it have it's DNS setup correctly etc.

Jon

Hello Jon,

first i would thank u for ur prompt reply,

As per ur above mail guidance i have done the static natting for the ISA server which is placed on inside interface LAN. Users are now able to browse the internet.

Jon what are the best practices for ISA to place in the network if i m not wrong it shld be in the DMZ interface with a static natting???

In future we will have 2 No's ISA servers so what is the best practice for the setup,what my thinking is 1 in the inside interface and the other in the DMZ interface with static natted, Users who have put the proxy setting for ISA-1 will hit traffic to ISA-1 and then ISA-1 will forward traffic to ISA-2 which is located in DMZ. (in terms of windows config)

For sure i have to enable natting between the DMZ interface and the inside interface.

Awaiting ur reply.

Thanks

Hello Dears,

Can anybody guide me the best practices for users connecting internet.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: