RE: Internet Access and OWA access
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 2 Aug 2005 07:51:16 -0500
Hi Alex,
Remember, the ISA firewall was designed to be a NETWORK FIREWALL -- the
unihomed breakages don't follow the core design principles, so you have
to think of it as an exception. The ISA firewall is not Proxy Server X.X
Its in the book! :-)
Tom
www.isaserver.org/shinder <http://www.isaserver.org/shinder>
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: Alex Gonzalez [mailto:AGonzalez@xxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, August 02, 2005 7:31 AM
To: [ISAserver.org Discussion List]
Subject: RE: [isalist] RE: Internet Access and OWA access
Tom,
Really? Then what is the External network listed under networks
mean? It says it represents the Internet and I can add it to access
rules.
Alex
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Mon 8/1/2005 9:28 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Internet Access and OWA access
http://www.ISAserver.org
Hi Alex,
You miss a key point: there is NO external network with a
unihomed ISA firewall.
Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
> -----Original Message-----
> From: Alex Gonzalez [mailto:AGonzalez@xxxxxxxxxxxxxxxxxxx]
> Sent: Monday, August 01, 2005 5:07 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Internet Access and OWA access
>
> http://www.ISAserver.org
>
> Hi Tom,
>
>
>
> I realize that your book is more geared towards using the
> full firewall features of ISA 2004 but doesn't some of the
> procedures for creating rules on the server carry over
> whether your unihomed or full firewall config?
>
> The access rule I created was allow all internal traffic on
> all protocols to external. Then on the proxy page I turned
> on web proxy on port 8080. For the OWA publishing rule I
> followed the wizard. I just did the web client, then
> standard connections, then I used the ip address
> (192.168.1.106) of the exchange server for the name of the
> destination, then I for the domain I used the ip address
> again. Then on the listener I told ISA to listen on the IP
> address I gave it to listen on which is 192.168.1.109. This
> address is on the ISA server as an additional address and is
> outside of the configured internal network. That range goes
> from 192.168.1.102-107.
>
> As for event log errors I've received one of these:
> The Web Proxy filter failed to bind its socket to
> 192.168.1.108 port 80. This may have been caused by another
> service that is already using the same port or by a network
> adapter that is not functional. To resolve this issue,
> restart the Microsoft Firewall service. The error code
> specified in the data area of the event properties indicates
> the cause of the failure.
>
> And 2 of these:
> Web publishing rule [owa] failed because the Web listener
> selected for the rule is not valid. Verify that the Web
> listener specifies a valid IP address on this computer.
>
> The first one has me more confused than the second. The
> second for some reason doesn't want to recognize the IP
> address on the computer even though I can choose it in ISA
> when I was setting up the listener.
>
>
> Thanks
>
> ________________________________________
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Monday, August 01, 2005 5:11 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Internet Access and OWA access
>
> http://www.ISAserver.org
> Hi Alex,
>
> What pages? The entirety of the book, except for sections
> specific for unihomed ISA firewalls, assumes you're using the
> full firewall config.
>
> What is the exact config of the Web Publishing Rule? Access
Rule?
> IP addressing on the ISA firewall's interface?
> Definition of the default internal network?
> Errors reported in the Event Viewer?
>
> Tom
> www.isaserver.org/shinder
> Tom and Deb Shinder's Configuring ISA Server 2004
> http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
>
>
> ________________________________________
> From: Alex Gonzalez [mailto:AGonzalez@xxxxxxxxxxxxxxxxxxx]
> Sent: Monday, August 01, 2005 3:56 PM
> To: [ISAserver.org Discussion List]
> Subject: RE: [isalist] RE: Internet Access and OWA access
> If I try to use the server for proxy, I cannot get to the
> Internet. If I try to reach OWA using the IP address in the
> listener on the ISA 2004 server I dont get there. I'm new to
> ISA. Like I said I followed the instructions listed in the
> book I am just wondering if i missed a prereq somewhere.
> It's a single nic server, I setup the internal range at setup
> of the server, I created an open all rule, verified that web
> proxy is turned on for the internal network, and I followed
> the guidlines to publish a mail server as they are layed out
> in the book.
> ________________________________________
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: Mon 8/1/2005 11:34 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Internet Access and OWA access
> http://www.ISAserver.org
> It would help to know what "isn't working".
>
> -------------------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
> -------------------------------------------------------
>
> ________________________________________
> From: Alex Gonzalez [mailto:AGonzalez@xxxxxxxxxxxxxxxxxxx]
> Sent: Monday, August 01, 2005 06:19
> To: [ISAserver.org Discussion List]
> Subject: RE: [isalist] RE: Internet Access and OWA access
>
> Hi Tom:
>
> According to this KB
> http://support.microsoft.com/default.aspx?scid=kb;en-us;838364
> ISA 2004 supports proxy and web publishing in a single homed
> NIC configuration. My question is what more is left for me
> to do to get this to work if I have already already done an
> open all for the firewall and network, turned on web proxy on
> the internal network, and pointed my browser at the ISA
> server and port 8080 to get Internet access. And then for
> the publishing, I am not doing any secure publishing it's
> just a mail publishing rule that points to the OWA server.
> Is there other configurations that I need to do to get them
> to work? And where should I look for them in your book? I
> followed the steps outlined and they dont seem to be working
for me.
>
> Thanks!!!
>
>
> ________________________________________
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Mon 8/1/2005 9:07 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Internet Access and OWA access
> http://www.ISAserver.org
>
> Hi Alex,
>
> 1. Unihomed ISA firewalls see all Networks as part of the
Internal
> Network
> 2. Unihomed ISA firewalls supports ONLY HTTP/HTTPS/HTTP
tunneled FTP
>
>
>
> Tom
> www.isaserver.org/shinder
> Tom and Deb Shinder's Configuring ISA Server 2004
> http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
>
>
>
> > -----Original Message-----
> > From: Alex Gonzalez [mailto:AGonzalez@xxxxxxxxxxxxxxxxxxx]
> > Sent: Monday, August 01, 2005 7:58 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Internet Access and OWA access
> >
Other related posts:
