RE: ISA 2004 SP2 and Direct Access

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 9 Feb 2006 21:18:06 -0600

Ha Ha!

It worked!

Time to write up an article on this and provide some virtual tissue to
handle the crying :)

Tom 


Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Thursday, February 09, 2006 9:06 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 SP2 and Direct Access

http://www.ISAserver.org

YIKES!!! That really suX0RS.

Now I need to take all the IP addresses out of my Direct Access List,
because I have no idea how stable the addresses of Internet servers are
that have their FQDNs included in the Direct Access list.

BEGGING: is there a way to turn off this feature?

Thanks!
Tom 


Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Thursday, February 09, 2006 1:40 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 SP2 and Direct Access

http://www.ISAserver.org

http://support.microsoft.com/kb/903746 


-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] 
Sent: Thursday, February 09, 2006 06:45
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 SP2 and Direct Access

http://www.ISAserver.org

Can you re-send the KB link?  Or was it private?

t

-----
"I don't want their respect, I want their obedience."
Dr. Thomas W. Shinder, M.D.



----- Original Message -----
From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, February 09, 2006 6:27 AM
Subject: [isalist] RE: ISA 2004 SP2 and Direct Access


> http://www.ISAserver.org
>
> I sent a link to the KB.
> There are no changes to autodetection; just how the script it provides
> causes the browser to behave.
>
> Stefaan - lemme know your case #, will you?
>
> --------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
> --------------------------------------------
> -----Original Message-----
> From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]
> Sent: Thursday, February 09, 2006 12:38 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA 2004 SP2 and Direct Access
>
> http://www.ISAserver.org
>
> I feel strange answer from Jim already because he keeps saying
> the script to populate IP adress into direct access list but
> that IP address range is for protected network only, he has not
> answered anything about this new SP2 Autodection merchanism...
>
>
>> Hi Tom,
>>
>> No comments from Jim? That's strange...
>>
>> Stefaan
>>
>> -----Original Message-----
>> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
>> Sent: woensdag 8 februari 2006 18:21
>> To: [ISAserver.org Discussion List]
>> Subject: [isalist] RE: ISA 2004 SP2 and Direct Access
>>
>> http://www.ISAserver.org
>>
>> Hi Stefaan,
>>
>> Ha! I thought I was going crazy when I kept saying that SP2 broke
> Direct
>> Access. I'm glad you're seeing the same thing. I thought perhaps it
> was
>> something whack with my test bed.
>>
>> Tom
>>
>>
>> Thomas W Shinder, M.D.
>> Site: www.isaserver.org
>> Blog: http://spaces.msn.com/members/drisa/
>> Book: http://tinyurl.com/3xqb7
>> MVP -- ISA Firewalls
>>
>>
>> -----Original Message-----
>> From: Stefaan Pouseele [mailto:Stefaan.Pouseele@xxxxxxx]
>> Sent: Wednesday, February 08, 2006 10:42 AM
>> To: [ISAserver.org Discussion List]
>> Subject: [isalist] ISA 2004 SP2 and Direct Access
>>
>> http://www.ISAserver.org
>>
>> Hey guys,
>>
>> There is a change in behavior if you configure sites for direct
access
> (ISA
>> Internal Network properties -> Web Browser). It doesn't work the same
> as in
>> SP1!
>>
>> This is the configuration: a workstation with the Firewall client
> installed
>> and IE configured with the routing script.
>>
>> 1. If you configure only the IP range for direct access:
>>    a) a request by FQDN in IE is sent as a Web Proxy client request.
>>    b) a request by IP in IE is sent as a Firewall client request.
>>
>> 2. If you configure only the domain for direct access:
>>    a) a request by FQDN in IE is sent as a Web Proxy client request.
>>    b) a request by IP in IE is sent as a Web Proxy client request.
>>
>> 3. If you configure both the domain *and* the corresponding IP range
> for
>> direct access:
>>    a) a request by FQDN in IE is sent as a Firewall client request.
>>    b) a request by IP in IE is sent as a Firewall client request.
>>
>>
>> So, the question is obviously why is for case 2.a the request not
sent
> as a
>> Firewall client request (this was the behavior in SP1)?
>> Is this a bug and is there a workaround other than adding the
> corresponding
>> IP range?
>>
>>
>> Thanks,
>> Stefaan
>>
>> ----------------------------------------------------------------
>>
>> Disclaimer
>>
>> De informatie in dit bericht is uitsluitend bedoeld voor de
> geadresseerde en
>> kan vertrouwelijke en/of bevoorrechte gegevens en/of door
>> intellectuele-eigendomsrechten beschermde informatie bevatten.
>> Als u niet de geadresseerde bent, gelieve dit bericht te verwijderen
> en de
>> afzender te verwittigen. U mag dit bericht niet gebruiken, wijzigen,
>> dupliceren of verspreiden, noch de inhoud ervan bekendmaken aan een
> derde.
>> De veiligheid of juistheid van e-mailberichten kan niet gegarandeerd
> worden,
>> vermits de informatie onderschept, verbasterd of vernietigd kan
> worden, zoek
>> kan raken, te laat of onvolledig kan aankomen of virussen kan
> bevatten.
>> Cevi NV aanvaardt geen enkele aansprakelijkheid voor verlies of
schade
> die
>> op enigerlei wijze te wijten is aan het gebruik van het medium.
>> Eventuele standpunten of meningen in dit bericht zijn die van de
> auteur en
>> geven niet noodzakelijk die van Cevi NV of zijn verbonden
> ondernemingen
>> weer.
>> Bijgevolg bindt dit e-mailbericht Cevi NV niet, tenzij het een
>> uitdrukkelijke andersluidende verklaring van een gemachtigde
>> vertegenwoordiger bevat.
>>
>> Cevi NV, Bisdomplein 3, 9000 Gent - tel. 09 264 07 01 - Rek. nr.
>> 091-0015991-15
>>                            RPR Gent - BTW BE 0860.972.295 -
> cevi@xxxxxxx
>>
>>
>>
>> ------------------------------------------------------
>> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
>> ------------------------------------------------------
>> Visit TechGenix.com for more information about our other sites:
>> http://www.techgenix.com
>> ------------------------------------------------------
>> You are currently subscribed to this ISAserver.org Discussion List
as:
>> tshinder@xxxxxxxxxxxxxxxxxx
>> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
>> Report abuse to listadmin@xxxxxxxxxxxxx
>>
>>
>>
>> ------------------------------------------------------
>> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
>> ------------------------------------------------------
>> Visit TechGenix.com for more information about our other sites:
>> http://www.techgenix.com
>> ------------------------------------------------------
>> You are currently subscribed to this ISAserver.org Discussion List
as:
>> stefaan.pouseele@xxxxxxxxx To unsubscribe visit
>> http://www.webelists.com/cgi/lyris.pl?enter=isalist
>> Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> All mail to and from this domain is GFI-scanned.
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:

> thor@xxxxxxxxxxxxxxx
> To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> 


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 02-2006