RE: Newbie Needs Help

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 30 Jun 2004 14:56:16 -0500

Hi Tom,

NEVER create packet filters unless you have a very specific purpose for
doing so, and you understand how they work. There's an article on
www.isaserver.org on when to use packet filters (which isn't very
often).

HTH,

Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls



-----Original Message-----
From: Tom Rogers [mailto:trogers@xxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, June 30, 2004 2:45 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Newbie Needs Help


http://www.ISAserver.org

Steve,

Thanx for the reply. I have not found an article on the website that
tells me how to Telnet.

Here is another question I thought of...For firewall and web proxy
clients, do I just define Sites and Content rules then Protocol rules
and ignore IP Packet Filters?

When do I use IP Packet Filters? Only when allowing something to access
the Internet on the ISA server itself?

-Tom

> -----Original Message-----
> From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxxxxxxxxxxxxx]
> Sent: Wednesday, June 30, 2004 3:32 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Newbie Needs Help
> 
> 
> http://www.ISAserver.org
> 
>  
> There are articles for most, if not all that you require on the
> isaserver.org website.
> 
> Steve
> 
> -----Original Message-----
> From: Tom Rogers [mailto:trogers@xxxxxxxxxxxxxxxxxx] 
> Sent: Wednesday, June 30, 2004 4:23 PM
> To: Isa Weblist
> Subject: [isalist] Newbie Needs Help
> 
> http://www.ISAserver.org
> 
> First of all, is this list a place for newbies to get help or 
> is it only
> for seasoned pro's?
> 
> If newbies can obtain help via this list, then here's my scenario...
> 
> I have a simple, single domain, single subnet W2K network. I have 6
> servers total and various servers run DHCP, DNS, WINS, Exchange 2000,
> Proxy Server 2.0 SP-1, IIS-5, etc.
> 
> I am trying to implement an ISA 2000 Server. This is a brand 
> new box. It
> has two NICs, one internal and one connected to a Road Runner Cable
> Modem which assigned IPs via DHCP. I have both my NICs setup 
> properly -
> following the tutorial on ISAserver.org
> 
> I need to allow the following services to run through ISA:
> 
> Internet User -> ISA Server -> FTP Server Internet User -> 
> ISA Server ->
> WEB Server Internet User -> ISA Server -> OWA 2000 from Internal
> Exchange 2000 Server IIS-5 (Not using SSL, but requiring Windows
> Authentication
> 
> Internet User VIA VPN -> ISA Server -> Internal Network share Access
> (and to use Terminal Server to access Servers) requires Windows
> Authentication
> 
> Internet User VIA pcAnywhere -> ISA Server -> Access any host running
> pcAnywhere, including host on the ISA Server
> 
> Exchange/POP3 software [an email gateway (connector) that retrieves
> messages from Internet POP3 email accounts (IMAP also supported) and
> delivers them to Exchange Server] software on ISA Server that goes out
> to our ISPs mail server, downloads all emails into our Exchange Server
> box -> ISA Server -> Internet (in order for this to work, all 
> I need to
> do is to be able to successfully TELNET to our ISP mail server on port
> 110)
> 
> DynIP needs to work (software that automatically tracks dynamic IP
> addresses assigned by our ISP, so we can act like we have a static IP)
> When I make a web connection into my internal web server, i get to use
> http://name.dynip.com/website instead of having to manually keep track
> of the ISP assigned IP number.
> 
> Internal User running Outlook Express -> ISA Server -> 
> SMTP/POP3 to Road
> Runner ISP on Internet Internal User running AOL Instant Messenger ->
> ISA Server -> Internet Internal User running Weatherbug - > ISA Server
> -> Internet Internal User running MS IE 6.0 SP-1 -> ISA Server ->
> Internet Internal User running MS Windows Media Player 9 -> ISA Server
> -> Internet Internal User running RealOne Player 10 -> ISA Server ->
> Internet Internal User running Listen Rhapsody 2.1 -> ISA Server ->
> Internet
> 
> Ok, I know it's alot, but that is my task. When I installed 
> ISA Server,
> I created and enabled a protocol rule so that only our 
> internal INTERNET
> USERS could access the Internet using all protocols, at all times, the
> ALLOW ACCESS (Sites and Content) was already there. This 
> worked fine. I
> could access the internet with my web proxy clients and firewall
> clients. I even setup the ISA server so that it could access the
> Internet - worked fine.
> 
> I next tried to setup the Exchange/Pop3 software, by trying to
> Telnetting out, but it would not work. Sites and Content has the rule
> ALLOW ACCESS, and I already have a Protocol rule setup to allow all
> protocols, all the time. I could not Telnet. Then I setup a protocol
> rule for Telnet, and created an IP Packet Filter and opened 
> port 23 both
> directions, on internal and remote. No luck. Then I tried to make ISA
> server wide-open (everything flows freely) and it worked. I 
> have no idea
> how to correctly configure this with security.
> 
> I have setup the DynIP software correctly - they had a 
> tutorial on their
> website. I tried to publish my OWA web server, but I cannot access it
> from the outside world. I have not tried/tested the other 
> things I need
> to get working.
> 
> Currently EVERYTHING works on my Proxy 2.0 Server when 
> connected to Road
> Runner cable modem. (I move the RR connection from my Proxy Server to
> the ISA server when testing.)
> 
> I have looked all over ISAserver.org, read numerous books and web
> articles, but have yet to find out how to do all this. I 
> really want to
> get rid of my Proxy Server 2.0 and OWA 5.5 server (which runs on the
> Proxy box).
> 
> If anyone can help, please do so. I would GREATLY appreciate it. (ISA
> Server seems more trouble than it is worth right now.)
> 
> TIA,
> 
> -Tom
> 
> 
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading
> Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
> Security Resource Site: http://www.windowsecurity.com/ 
> Network Security
> Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> steve@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> 
> This E-Mail is confidential. It is not intended to be read, 
> copied, disclosed or used by any person other than the 
> recipient named above. 
> 
> 
> Unauthorised use, disclosure, or copying is strictly 
> prohibited and may be unlawful. Optimum IT Solutions 
> disclaims any liability for any action taken in connection of 
> this E-Mail. The comments or statements expressed in this 
> E-Mail are not necessarily those of Optimum IT Solutions or 
> its subsidiaries or affiliates.
> 
> administrator@xxxxxxxxxxxxxxxxxxxxxxxxxx 
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: trogers@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> 
> 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist

Other related posts:

• » Newbie Needs Help
• » RE: Newbie Needs Help
• » RE: Newbie Needs Help
• » RE: Newbie Needs Help
• » RE: Newbie Needs Help
• » RE: Newbie Needs Help

1. Home
2. isalist
3. Archive
4. 06-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---