Re: Routing an IP

• From: "Jim Harrison" <jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 9 Jan 2003 18:55:22 -0800

MessageYou're right; you can't limit protocol rules "to" anything.
You can limit what machine has access to it with Client Address Sets, though

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://isaserver.org/pages/author_index.asp?aut=3
 http://isatools.org
 Read the help / books / articles!

  ----- Original Message ----- 
  From: Stephen Herrera 
  To: [ISAserver.org Discussion List] 
  Sent: Wednesday, January 08, 2003 09:43
  Subject: [isalist] Re: Routing an IP


  http://www.ISAserver.org


  This is definitely the direction I want to go! Thanks for all your time Jim. 
Last question I hope. I can deny http traffic coming in to a specific IP. For 
instance I stopped HTTP coming in to the public IP for the app. That does not 
stop the app from working because port 80 is still open so all is well. 
However, using protocol rules I cannot deny HTTP going out to a certain IP or 
destination set. I can only have it open or closed. Is there a way to block 
HTTP only to a certain IP from the LAN going out? In other words I want to stop 
my LAN from being able to use HTTP to access a server in the DMZ. Thanks.

   

  Steve

   

   

  ---Original Message-----
  From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
  Sent: Tuesday, January 07, 2003 7:17 PM
  To: [ISAserver.org Discussion List]
  Subject: [isalist] Re: Routing an IP

   

  http://www.ISAserver.org

  There are two places where ISA owns port 80:

  - Incoming Web Requests listener; you have to set it to operate "per IP" and 
remove all IPs where you don't want it to respond to incoming port 80 
connections

  - Automatic Detection; you can disable it so that ISA no longer listens to 
port 80 on the internal interface (all IPs).

   

  You shouldn't have to disable auto-detection, though; the internal clients 
should be requesting a DMZ IP address and a protocol rule should handle that.

   

   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/pages/author_index.asp?aut=3
   http://isatools.org
   Read the help / books / articles!

   

  ------------------------------------------------------
  List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
  ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
  ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
  ------------------------------------------------------
  Exchange Server Resource Site: http://www.msexchange.org/
  Windows Security Resource Site: http://www.windowsecurity.com/
  Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
  ------------------------------------------------------
  You are currently subscribed to this ISAserver.org Discussion List as: 
jim@xxxxxxxxxxxx
  To unsubscribe send a blank email to $subst('Email.Unsub') 

Other related posts:

• » Routing an IP
• » Re: Routing an IP
• » Re: Routing an IP
• » Re: Routing an IP
• » Re: Routing an IP
• » Re: Routing an IP
• » Re: Routing an IP
• » Re: Routing an IP
• » Re: Routing an IP
• » Re: Routing an IP
• » Re: Routing an IP
• » Re: Routing an IP

1. Home
2. isalist
3. Archive
4. 01-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---