Hi Tom, NEVER create packet filters unless you have a very specific purpose for doing so, and you understand how they work. There's an article on www.isaserver.org on when to use packet filters (which isn't very often). HTH, Tom www.isaserver.org/shinder Get the book! Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: Tom Rogers [mailto:trogers@xxxxxxxxxxxxxxxxxx] Sent: Wednesday, June 30, 2004 2:45 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Newbie Needs Help http://www.ISAserver.org Steve, Thanx for the reply. I have not found an article on the website that tells me how to Telnet. Here is another question I thought of...For firewall and web proxy clients, do I just define Sites and Content rules then Protocol rules and ignore IP Packet Filters? When do I use IP Packet Filters? Only when allowing something to access the Internet on the ISA server itself? -Tom > -----Original Message----- > From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxxxxxxxxxxxxx] > Sent: Wednesday, June 30, 2004 3:32 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Newbie Needs Help > > > http://www.ISAserver.org > > > There are articles for most, if not all that you require on the > isaserver.org website. > > Steve > > -----Original Message----- > From: Tom Rogers [mailto:trogers@xxxxxxxxxxxxxxxxxx] > Sent: Wednesday, June 30, 2004 4:23 PM > To: Isa Weblist > Subject: [isalist] Newbie Needs Help > > http://www.ISAserver.org > > First of all, is this list a place for newbies to get help or > is it only > for seasoned pro's? > > If newbies can obtain help via this list, then here's my scenario... > > I have a simple, single domain, single subnet W2K network. I have 6 > servers total and various servers run DHCP, DNS, WINS, Exchange 2000, > Proxy Server 2.0 SP-1, IIS-5, etc. > > I am trying to implement an ISA 2000 Server. This is a brand > new box. It > has two NICs, one internal and one connected to a Road Runner Cable > Modem which assigned IPs via DHCP. I have both my NICs setup > properly - > following the tutorial on ISAserver.org > > I need to allow the following services to run through ISA: > > Internet User -> ISA Server -> FTP Server Internet User -> > ISA Server -> > WEB Server Internet User -> ISA Server -> OWA 2000 from Internal > Exchange 2000 Server IIS-5 (Not using SSL, but requiring Windows > Authentication > > Internet User VIA VPN -> ISA Server -> Internal Network share Access > (and to use Terminal Server to access Servers) requires Windows > Authentication > > Internet User VIA pcAnywhere -> ISA Server -> Access any host running > pcAnywhere, including host on the ISA Server > > Exchange/POP3 software [an email gateway (connector) that retrieves > messages from Internet POP3 email accounts (IMAP also supported) and > delivers them to Exchange Server] software on ISA Server that goes out > to our ISPs mail server, downloads all emails into our Exchange Server > box -> ISA Server -> Internet (in order for this to work, all > I need to > do is to be able to successfully TELNET to our ISP mail server on port > 110) > > DynIP needs to work (software that automatically tracks dynamic IP > addresses assigned by our ISP, so we can act like we have a static IP) > When I make a web connection into my internal web server, i get to use > http://name.dynip.com/website instead of having to manually keep track > of the ISP assigned IP number. > > Internal User running Outlook Express -> ISA Server -> > SMTP/POP3 to Road > Runner ISP on Internet Internal User running AOL Instant Messenger -> > ISA Server -> Internet Internal User running Weatherbug - > ISA Server > -> Internet Internal User running MS IE 6.0 SP-1 -> ISA Server -> > Internet Internal User running MS Windows Media Player 9 -> ISA Server > -> Internet Internal User running RealOne Player 10 -> ISA Server -> > Internet Internal User running Listen Rhapsody 2.1 -> ISA Server -> > Internet > > Ok, I know it's alot, but that is my task. When I installed > ISA Server, > I created and enabled a protocol rule so that only our > internal INTERNET > USERS could access the Internet using all protocols, at all times, the > ALLOW ACCESS (Sites and Content) was already there. This > worked fine. I > could access the internet with my web proxy clients and firewall > clients. I even setup the ISA server so that it could access the > Internet - worked fine. > > I next tried to setup the Exchange/Pop3 software, by trying to > Telnetting out, but it would not work. Sites and Content has the rule > ALLOW ACCESS, and I already have a Protocol rule setup to allow all > protocols, all the time. I could not Telnet. Then I setup a protocol > rule for Telnet, and created an IP Packet Filter and opened > port 23 both > directions, on internal and remote. No luck. Then I tried to make ISA > server wide-open (everything flows freely) and it worked. I > have no idea > how to correctly configure this with security. > > I have setup the DynIP software correctly - they had a > tutorial on their > website. I tried to publish my OWA web server, but I cannot access it > from the outside world. I have not tried/tested the other > things I need > to get working. > > Currently EVERYTHING works on my Proxy 2.0 Server when > connected to Road > Runner cable modem. (I move the RR connection from my Proxy Server to > the ISA server when testing.) > > I have looked all over ISAserver.org, read numerous books and web > articles, but have yet to find out how to do all this. I > really want to > get rid of my Proxy Server 2.0 and OWA 5.5 server (which runs on the > Proxy box). > > If anyone can help, please do so. I would GREATLY appreciate it. (ISA > Server seems more trouble than it is worth right now.) > > TIA, > > -Tom > > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com Leading > Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org Windows > Security Resource Site: http://www.windowsecurity.com/ > Network Security > Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > steve@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > This E-Mail is confidential. It is not intended to be read, > copied, disclosed or used by any person other than the > recipient named above. > > > Unauthorised use, disclosure, or copying is strictly > prohibited and may be unlawful. Optimum IT Solutions > disclaims any liability for any action taken in connection of > this E-Mail. The comments or statements expressed in this > E-Mail are not necessarily those of Optimum IT Solutions or > its subsidiaries or affiliates. > > administrator@xxxxxxxxxxxxxxxxxxxxxxxxxx > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: trogers@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist