Ha Ha! It worked! Time to write up an article on this and provide some virtual tissue to handle the crying :) Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Thursday, February 09, 2006 9:06 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 SP2 and Direct Access http://www.ISAserver.org YIKES!!! That really suX0RS. Now I need to take all the IP addresses out of my Direct Access List, because I have no idea how stable the addresses of Internet servers are that have their FQDNs included in the Direct Access list. BEGGING: is there a way to turn off this feature? Thanks! Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Thursday, February 09, 2006 1:40 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 SP2 and Direct Access http://www.ISAserver.org http://support.microsoft.com/kb/903746 ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] Sent: Thursday, February 09, 2006 06:45 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 SP2 and Direct Access http://www.ISAserver.org Can you re-send the KB link? Or was it private? t ----- "I don't want their respect, I want their obedience." Dr. Thomas W. Shinder, M.D. ----- Original Message ----- From: "Jim Harrison" <Jim@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, February 09, 2006 6:27 AM Subject: [isalist] RE: ISA 2004 SP2 and Direct Access > http://www.ISAserver.org > > I sent a link to the KB. > There are no changes to autodetection; just how the script it provides > causes the browser to behave. > > Stefaan - lemme know your case #, will you? > > -------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > -------------------------------------------- > -----Original Message----- > From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx] > Sent: Thursday, February 09, 2006 12:38 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: ISA 2004 SP2 and Direct Access > > http://www.ISAserver.org > > I feel strange answer from Jim already because he keeps saying > the script to populate IP adress into direct access list but > that IP address range is for protected network only, he has not > answered anything about this new SP2 Autodection merchanism... > > >> Hi Tom, >> >> No comments from Jim? That's strange... >> >> Stefaan >> >> -----Original Message----- >> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] >> Sent: woensdag 8 februari 2006 18:21 >> To: [ISAserver.org Discussion List] >> Subject: [isalist] RE: ISA 2004 SP2 and Direct Access >> >> http://www.ISAserver.org >> >> Hi Stefaan, >> >> Ha! I thought I was going crazy when I kept saying that SP2 broke > Direct >> Access. I'm glad you're seeing the same thing. I thought perhaps it > was >> something whack with my test bed. >> >> Tom >> >> >> Thomas W Shinder, M.D. >> Site: www.isaserver.org >> Blog: http://spaces.msn.com/members/drisa/ >> Book: http://tinyurl.com/3xqb7 >> MVP -- ISA Firewalls >> >> >> -----Original Message----- >> From: Stefaan Pouseele [mailto:Stefaan.Pouseele@xxxxxxx] >> Sent: Wednesday, February 08, 2006 10:42 AM >> To: [ISAserver.org Discussion List] >> Subject: [isalist] ISA 2004 SP2 and Direct Access >> >> http://www.ISAserver.org >> >> Hey guys, >> >> There is a change in behavior if you configure sites for direct access > (ISA >> Internal Network properties -> Web Browser). It doesn't work the same > as in >> SP1! >> >> This is the configuration: a workstation with the Firewall client > installed >> and IE configured with the routing script. >> >> 1. If you configure only the IP range for direct access: >> a) a request by FQDN in IE is sent as a Web Proxy client request. >> b) a request by IP in IE is sent as a Firewall client request. >> >> 2. If you configure only the domain for direct access: >> a) a request by FQDN in IE is sent as a Web Proxy client request. >> b) a request by IP in IE is sent as a Web Proxy client request. >> >> 3. If you configure both the domain *and* the corresponding IP range > for >> direct access: >> a) a request by FQDN in IE is sent as a Firewall client request. >> b) a request by IP in IE is sent as a Firewall client request. >> >> >> So, the question is obviously why is for case 2.a the request not sent > as a >> Firewall client request (this was the behavior in SP1)? >> Is this a bug and is there a workaround other than adding the > corresponding >> IP range? >> >> >> Thanks, >> Stefaan >> >> ---------------------------------------------------------------- >> >> Disclaimer >> >> De informatie in dit bericht is uitsluitend bedoeld voor de > geadresseerde en >> kan vertrouwelijke en/of bevoorrechte gegevens en/of door >> intellectuele-eigendomsrechten beschermde informatie bevatten. >> Als u niet de geadresseerde bent, gelieve dit bericht te verwijderen > en de >> afzender te verwittigen. U mag dit bericht niet gebruiken, wijzigen, >> dupliceren of verspreiden, noch de inhoud ervan bekendmaken aan een > derde. >> De veiligheid of juistheid van e-mailberichten kan niet gegarandeerd > worden, >> vermits de informatie onderschept, verbasterd of vernietigd kan > worden, zoek >> kan raken, te laat of onvolledig kan aankomen of virussen kan > bevatten. >> Cevi NV aanvaardt geen enkele aansprakelijkheid voor verlies of schade > die >> op enigerlei wijze te wijten is aan het gebruik van het medium. >> Eventuele standpunten of meningen in dit bericht zijn die van de > auteur en >> geven niet noodzakelijk die van Cevi NV of zijn verbonden > ondernemingen >> weer. >> Bijgevolg bindt dit e-mailbericht Cevi NV niet, tenzij het een >> uitdrukkelijke andersluidende verklaring van een gemachtigde >> vertegenwoordiger bevat. >> >> Cevi NV, Bisdomplein 3, 9000 Gent - tel. 09 264 07 01 - Rek. nr. >> 091-0015991-15 >> RPR Gent - BTW BE 0860.972.295 - > cevi@xxxxxxx >> >> >> >> ------------------------------------------------------ >> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist >> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp >> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ >> ------------------------------------------------------ >> Visit TechGenix.com for more information about our other sites: >> http://www.techgenix.com >> ------------------------------------------------------ >> You are currently subscribed to this ISAserver.org Discussion List as: >> tshinder@xxxxxxxxxxxxxxxxxx >> To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist >> Report abuse to listadmin@xxxxxxxxxxxxx >> >> >> >> ------------------------------------------------------ >> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist >> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp >> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ >> ------------------------------------------------------ >> Visit TechGenix.com for more information about our other sites: >> http://www.techgenix.com >> ------------------------------------------------------ >> You are currently subscribed to this ISAserver.org Discussion List as: >> stefaan.pouseele@xxxxxxxxx To unsubscribe visit >> http://www.webelists.com/cgi/lyris.pl?enter=isalist >> Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > thor@xxxxxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx