Hi Greg, You may be able to get this to work if you use the Firewall client. You definitely cannot use the SecureNAT config. The reason for this is that the SecureNAT client connections are not proxied, so instead of the ISA Server sending the response, the server sends the response. Since the SecureNAT client was expecting a response from the ISA Server, it drops it. I explored this subject in detail in my blatherings in the ISA Server and Beyond book. Why must the internal clients use the public address? The Exchange 2000 IRC server doesn't require this, and I can't imagine its that sophisticated. Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Greg Foulks [mailto:greg.foulks@xxxxxxxx] Sent: Thursday, February 06, 2003 9:33 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Here's a good one http://www.ISAserver.org ;-) I've installed a new IM server in my internal network. This IM server in order to work correctly for internal and external, users must be able to resolve the host name to the same IP. Let me see if I can explain this.... The server is running on an internal machine (10.0.0.30) Our internal DNS server points im.nfti.com to 12.32.70.211 Our external DNS will point im.nfti.com to 12.32.70.211 How would I setup my filters to allow internal users to go out and back in allowing the ports required for the IM connection? ----- Original Message ----- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, February 06, 2003 10:23 PM Subject: [isalist] RE: Here's a good one http://www.ISAserver.org Hi Greg, OK, now that we got that settled, what was the problem? :-) Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Greg Foulks [mailto:greg.foulks@xxxxxxxx] Sent: Thursday, February 06, 2003 9:20 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Here's a good one http://www.ISAserver.org Tom, This is correct. The ISA server also takes the request for 111.111.111.111 and forwards to the internal address 10.10.10.1 greg ----- Original Message ----- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, February 06, 2003 10:06 PM Subject: [isalist] RE: Here's a good one http://www.ISAserver.org Hi Greg, Sounds like it. So, you internal users and ISA Server are using the internal DNS server to resolve names and the external users are using the ATT DNS server to resolve names. So the external user resolves irc.domain.com to 111.111.111.111 and your internal users resolve it to 10.10.10.1. Right? Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Greg Foulks [mailto:greg.foulks@xxxxxxxx] Sent: Thursday, February 06, 2003 8:35 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Here's a good one http://www.ISAserver.org Tom, AT&T handles DNS for my external resources (web,mx,ftp etc..) I also run a DNS server on my internal network behind my ISA server for internal resources. Is this not split DNS? Anything external to my network is forwarded to AT&T to resolve via the forward I have set on the internal DNS. External requests for internal resources are sent to the External Interface of the ISA server and sent through the published rule to it's internal address. Thanks Greg ----- Original Message ----- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, February 06, 2003 8:29 PM Subject: [isalist] RE: Here's a good one http://www.ISAserver.org Hi Greg, You do not want to loop back through the ISA Server. Configure a split DNS and directly access the IRC box. I did this last week and there's no reason to twist through the ISA Server to access internal resoruces. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Greg Foulks [mailto:greg.foulks@xxxxxxxx] Sent: Thursday, February 06, 2003 5:10 PM To: [ISAserver.org Discussion List] Subject: [isalist] Here's a good one http://www.ISAserver.org Folks, I sure could use some help with a little problem of mine which I can't seem to figure out. I've installed a new IM server in my internal network. This IM server in order to work correctly for internal and external, users must be able to resolve the host name to the same IP. Let me see if I can explain this.... The server is running on an internal machine (10.0.0.30) Our internal DNS server points im.nfti.com to 12.32.70.211 Our external DNS will point im.nfti.com to 12.32.70.211 How would I setup my filters to allow internal users to go out and back in allowing the ports required for the IM connection? For external users I figure I would just publish the server maybe? would that be correct? Thanks for your help! Greg Foulks, MCP NewFound Technologies, Inc. http://www.nfti.com Email: greg.foulks@xxxxxxxx Voice: 614.318.5036 Fax: 614.318.5005 ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: greg.foulks@xxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: greg.foulks@xxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: greg.foulks@xxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')