[isalist] Re: Exclusions

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 18 May 2007 10:01:40 -0500

If the Firewall client machine sends to a destination that is not part
of the defintion of the ISA Firewall Network on which the client is
located, the Firewall client will remote the connection to the ISA
Firewall to send to another ISA Firewall Network (such as the default
External Network if there is no defined route on the ISA Firewall for
the destination Network).
 
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- Microsoft Firewalls (ISA)

 


________________________________

        From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of D PIETRUSZKA USWRN
INTERLINK INFRA ASST MGR
        Sent: Friday, May 18, 2007 9:51 AM
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] Re: Exclusions
        
        

        Ok, open my original email go to Edit/replace and replace "ISA
client" for "Microsoft Firewall client for ISA server 2004" J

         

        Regards

        Diego R. Pietruszka

        MSC (USA) - Interlink Transport Technologies

         

        From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
        Sent: Friday, May 18, 2007 10:44 AM
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] Re: Exclusions

         

        What is the "ISA client"

         

        There is a FIREWALL client, SecureNAT (SecureNET) client, and a
Web proxy client.

         

        THERE IS NO "ISA CLIENT".

         

        HTH,

        Tom

         

        Thomas W Shinder, M.D.
        Site: www.isaserver.org <http://www.isaserver.org/> 
        Blog: http://blogs.isaserver.org/shinder/
        Book: http://tinyurl.com/3xqb7
        MVP -- Microsoft Firewalls (ISA)

         

                 

________________________________

                From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of D PIETRUSZKA USWRN
INTERLINK INFRA ASST MGR
                Sent: Friday, May 18, 2007 9:27 AM
                To: isalist@xxxxxxxxxxxxx
                Subject: [isalist] Exclusions

                Good morning everybody (well, for most of you ;-) )

                 

                I have the following scenario:

                 

                Subnet 10.200.*.*(NY) and subnet 193.138.73.* (Geneva)
both are internals and connected with a router no ISA in the middle.

                For the NY users the Internet proxy (ISA 2004 array) is
on the 10.200.*.* subnet and they have the ISA 2004 client installed
configuring IE automatically.

                 

                The NY guys are trying to access a citrix server in
Geneva with IE, the Geneva range was included on the NY proxy array as
part of the internal network, also on the Web Browse TAB (internal
network properties) so the proxy is bypassed when accessing that subnet
and the subnet was also included on the routing table of both servers
members of the array.

                 

                The point is citrix failed to open a desktop session.
They can reach the login page and even login, but session failed to
open.

                 

                Now, if I disable the ISA client and manually add on IE
the Geneva subnet between the exclusions, everything works fine.

                 

                Any idea of what can be happening?

                 

                Regards

                Diego R. Pietruszka

                MSC (USA) - Interlink Transport Technologies

Other related posts: