RE: ISA 2004 SP2 and Direct Access
- From: "Stefaan Pouseele" <stefaan.pouseele@xxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 9 Feb 2006 09:43:07 +0100
Hey guys,
I opened a ticket with Microsoft PSS EMEA. Wonder what they will say...
Stefaan
-----Original Message-----
From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]
Sent: donderdag 9 februari 2006 9:38
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 SP2 and Direct Access
http://www.ISAserver.org
I feel strange answer from Jim already because he keeps saying the script to
populate IP adress into direct access list but that IP address range is for
protected network only, he has not answered anything about this new SP2
Autodection merchanism...
> Hi Tom,
>
> No comments from Jim? That's strange...
>
> Stefaan
>
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: woensdag 8 februari 2006 18:21
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA 2004 SP2 and Direct Access
>
> http://www.ISAserver.org
>
> Hi Stefaan,
>
> Ha! I thought I was going crazy when I kept saying that SP2 broke
> Direct Access. I'm glad you're seeing the same thing. I thought
> perhaps it was something whack with my test bed.
>
> Tom
>
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
>
>
> -----Original Message-----
> From: Stefaan Pouseele [mailto:Stefaan.Pouseele@xxxxxxx]
> Sent: Wednesday, February 08, 2006 10:42 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] ISA 2004 SP2 and Direct Access
>
> http://www.ISAserver.org
>
> Hey guys,
>
> There is a change in behavior if you configure sites for direct access
> (ISA Internal Network properties -> Web Browser). It doesn't work the
> same as in SP1!
>
> This is the configuration: a workstation with the Firewall client
> installed and IE configured with the routing script.
>
> 1. If you configure only the IP range for direct access:
> a) a request by FQDN in IE is sent as a Web Proxy client request.
> b) a request by IP in IE is sent as a Firewall client request.
>
> 2. If you configure only the domain for direct access:
> a) a request by FQDN in IE is sent as a Web Proxy client request.
> b) a request by IP in IE is sent as a Web Proxy client request.
>
> 3. If you configure both the domain *and* the corresponding IP range
> for direct access:
> a) a request by FQDN in IE is sent as a Firewall client request.
> b) a request by IP in IE is sent as a Firewall client request.
>
>
> So, the question is obviously why is for case 2.a the request not sent
> as a Firewall client request (this was the behavior in SP1)?
> Is this a bug and is there a workaround other than adding the
> corresponding IP range?
>
>
> Thanks,
> Stefaan
>
Other related posts:
