Re: RRAS and ISA

Inline...

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG

----- Original Message -----
From: "Saptoyo" <saptoyo@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Sunday, November 25, 2001 11:23
Subject: [isalist] RRAS and ISA




I read somewhere that it is not a good idea to run RRAS on the same
server where ISA resides; is that correct?  My understanding from the
reading is that the user may loop around the RRAS, especially if you
are running in firewall mode.

* that statement is erroneous; RRAS is necessary for dial-up user support
and VPN connectivity.  How the admin chooses to configure RRAS is where the
"route around ISA" issue comes into play.

Secondly, if I don't use RRAS, how would I be able to statically map an
internal IP address to an external one?  I need to use static mapping
for certain services that we need to have.  I know that only RRAS can
do that.  However, at this time, I am not successful in doing the static
map when both services are up.  Any suggestions?

* While it's true that only RRAS can establish a "one-to-one" IP mapping for
all protocols, you don't need it on a per-protocol basis ("certain
services"), as you've described.  ISA server and web publishing is the
preferred solution in that case.

I did put secondary addresses on the NIC (by using the advanced feature),
however, all the services still come out to the "external nic" address.  I
only want certain users to be able to use the services.  I know that I
can assign the external nic an IP address that will provide the
service, but that means I am letting everyone be able to access the
"limited" service.

* ..not quite clear what you're trying to do, but if you mean you want
certain services to use a given external IP on the ISA server, then you need
to read up on the "Firewall Client Application Settings" in the ISA help.
* alternatively, if you're trying to limit ISA usage on a per-user / group
basis, then the ISA help has something to say there, too.

Thank you for your suggestions.


Saptoyo Soemampauw, MCSE W2K, MCDBA, CCNA, CCDA, CNA
1307 San Jacinto, 11th Floor, Houston, Texas 77002
e-mail: saptoyo@xxxxxxxxxxxxxxxxxx
