RE: ISA Feature Request

• From: "Ian McGregor" <imcgregor@xxxxxxxxxxxx>
• To: isalist@xxxxxxxxxxxxx
• Date: Sat, 8 Nov 2003 15:59:00 -0700

Mount Gay Barbados Rum, with ice.  You'll never drink that Pseudo-cuban
swill again once you've tried MG.

here something vaguely related to this topic that I've never understood.

I've got servers to be published, a router, and as ISA server all on the
same subnet (or broadcast domain - 10.1.1.0/24 for example).  The router
has as its default route the internal addy of the the ISA server, and the
servers to be published have the router as their default gateway - set
this up and server publishing doesn't work.  The only way to get it to
work is to set the default gateway on said servers to the ISA internal
address (at least thats the case on my installation) - it seems it doesn't
like this kind of setup where:

1) incoming packet for published server is translated and sent directly to
the published server (as it is on the same subnet)
2) outgoing reply goes through an intermediate router) before going out.

what is the reason for this behavior? am i missing something pretty basic?
 Never was an issue on checkpoint firewall-1.

its a very minor thing - it just makes my DHCP scopes a bit more complex
than i would like.

> Bacardi, of course.
> Actually, given that the weekend is upon us, some Cuervo Gold sounds pretty
> tasty, too.
> 
>  Jim Harrison
>  MCP(NT4, W2K), A+, Network+, PCG
>  http://www.microsoft.com/isaserver
>  http://isaserver.org/Jim_Harrison
>  http://isatools.org
> 
>  Read the help, books and articles!
> ----- Original Message ----- 
> From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Friday, November 07, 2003 08:31
> Subject: [isalist] RE: ISA Feature Request
> 
> 
> http://www.ISAserver.org
> 
> Hi Jim,
> 
> I think I about ready to take my brain out and put it in a jar for a
> couple of weeks.
> 
> You're correct. Web published servers don't need to be SecureNAT because
> the source address is the internal address of the ISA firewall. Its
> assumed that the network routing infrastructure know the path to that
> address, which makes it independent of the gateway address.
> 
> What I was thinking of was the source address on the forwarded request
> issue.
> 
> Do you any suggestions as to what I should put in the jar?
> 
> Tom
> 
> -----Original Message-----
> From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
> Sent: Friday, November 07, 2003 10:18 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA Feature Request
> 
> http://www.ISAserver.org
> 
> ??
> 
> Web Publishing doesn't require that the published server be SecureNAT;
> that's only for Server Publishing...
> ..or am I reading your response inside out..?
> 
>  Jim Harrison
>  MCP(NT4, W2K), A+, Network+, PCG
>  http://www.microsoft.com/isaserver
>  http://isaserver.org/Jim_Harrison
>  http://isatools.org
> 
>  Read the help, books and articles!
> ----- Original Message -----
> From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Friday, November 07, 2003 07:51
> Subject: [isalist] RE: ISA Feature Request
> 
> 
> http://www.ISAserver.org
> 
> Hi Stefaan,
> 
> Good point. I was lumping both Server and Web publishing together.
> 311777 fixes the problem for Server Publishing but not for Web
> publishing. I still think that MS might do something about this issue in
> future revs of the product because so many people have asked about
> preserving the source address in Web publishing rules.
> 
> Thanks!
> Tom
> 
>   _____
> 
> From: Stefaan Pouseele [mailto:stefaan.pouseele@xxxxxxx]
> Sent: Friday, November 07, 2003 9:30 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA Feature Request
> 
> 
> http://www.ISAserver.org
> 
> Hi Christian,
> 
> what about
> http://support.microsoft.com/default.aspx?scid=kb;en-us;311777
> <http://support.microsoft.com/default.aspx?scid=kb;en-us;311777>  ?
> 
> HTH,
> Stefaan
> 
> -----Original Message-----
> From: Christian.Schramm@xxxxxxxxxxxxxx
> [mailto:Christian.Schramm@xxxxxxxxxxxxxx]
> Sent: vrijdag 7 november 2003 12:12
> To: [ISAserver.org Discussion List]
> Subject: [isalist] ISA Feature Request
> 
> 
> http://www.ISAserver.org
> 
> 
> Hi Tom,
> Hi Jim.
> 
> Does anyone of you know, if there will be a future version of
> ISA server, which is able to create Server Publishing rules for servers
> not located on the same subnet as the internal ISA nic resp. does not
> have the ISA server as their default gateway (no SecureNAT clients) ?
> 
> Greetings,
> 
> Christian
> 
> 
> ------------------------------------------------------
> List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: stefaan.pouseele@xxxxxxx
> To unsubscribe send a blank email to
> $subst('Email.Unsub')
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
> 
> 
> ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
> 
> All mail from this domain is virus-scanned with RAV.
> www.ravantivirus.com
> 
> ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
> 
> 
> ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
> 
> All mail from this domain is virus-scanned with RAV.
> www.ravantivirus.com
> 
> ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*

Other related posts:

• » ISA Feature Request
• » RE: ISA Feature Request
• » RE: ISA Feature Request
• » RE: ISA Feature Request
• » RE: ISA Feature Request
• » RE: ISA Feature Request
• » RE: ISA Feature Request
• » RE: ISA Feature Request
• » RE: ISA Feature Request
• » RE: ISA Feature Request
• » RE: ISA Feature Request
• » RE: ISA Feature Request
• » RE: ISA Feature Request

1. Home
2. isalist
3. Archive
4. 11-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---