Well, I think I solved it, but this is leading me straight to the next question. How does ISA associate networks to actual network cards? Or rather, is there a way for me to force ISA to accept traffic from a certain source on a certain nic? Mit freundlichen Grüßen, kind regards, Milan Göllner Computer Services & Informationssysteme CAE Elektronik GmbH Military Simulation & Training 52220 Stolberg, Germany -- Tel: +49 (2402) 106 691 eMail: milan.goellner@xxxxxxxxxxx -----Original Message----- From: Milan Göllner [mailto:milan.goellner@xxxxxxxxxxx] Sent: Wednesday, October 12, 2005 1:22 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Need some insight on denied traffic and web proxies http://www.ISAserver.org Just to add to my previous posting, I'm seeing this error: FWX_E_FWE_SPOOFING_PACKET_DROPPED Mit freundlichen Grüßen, kind regards, Milan Göllner Computer Services & Informationssysteme CAE Elektronik GmbH Military Simulation & Training 52220 Stolberg, Germany -- Tel: +49 (2402) 106 691 eMail: milan.goellner@xxxxxxxxxxx -----Original Message----- From: Milan Göllner [mailto:milan.goellner@xxxxxxxxxxx] Sent: Wednesday, October 12, 2005 12:09 PM To: [ISAserver.org Discussion List] Subject: [isalist] Need some insight on denied traffic and web proxies http://www.ISAserver.org Greetings list, I have an issue in the following scenario, my insight into ISA is still somewaht limited so right now I'm failing to understand this. I have a default internal network, I have a default external network, I have an added perimiter network I have only one nic enabled right now, I'm still testing web proxy features I want to enable web proxies for internal and perimiter networks which I think I did correctly, at least everything is working when traffic originates from my internal network However: my scenario includes various remote webservers only reachable via vpn tunnles. The remote web servers will only accept traffic originating in our internal network. Whilst playing around with this scenario I noticed the following: I have set up an access rule allowing everything from perimiter to ISA server, later on this will again be reduced to whatever is actually needed. On a host in the perimiter I entered the internal IP of ISA as the proxy, the perimiter actually gets 'routed' across a PIX sitting in between as well. I then try to access a remote web server, however, access is denied. ISA's monitor denies access to port 8080. The originating IP is taht of the actual host, target is ISA. The access rule permits everything from perimiter to ISA. I created the perimiter network as a network enabling the proxy on it as well as a network range containing the IPs of the perimiter network. I tried combinations of various objects in the access rule, finally opening up everything, but still I get an access denied which I don't get. Where is the error? (I'll gladly accept references to Tom's book or some website, this has probably been discussed somewhere before and I'm sorry if I'm bringing this up again) Thank you for your time Mit freundlichen Grüßen, kind regards, Milan Göllner Computer Services & Informationssysteme CAE Elektronik GmbH Military Simulation & Training 52220 Stolberg, Germany -- Tel: +49 (2402) 106 691 eMail: milan.goellner@xxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: milan.goellner@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: milan.goellner@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx