Re: Traffic denied between internal and local host

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 1 Oct 2004 09:59:52 -0500

Hi Jeff,

You should be using Direct Access for Internal Sites.

I think it's time for me to update my Direct Access article for the new
ISA firewall. The fact is you should NEVER need to create an Access Rule
to allow internal clients access to Internal resources, with the only
exception being when you use a unihomed caching-only ISA firewall. In
that case, the whole world is Internal to the ISA firewall, so you have
to allow Internal to Internal :)  But when the ISA firewall is installed
and configured as a firewall, then NEVER is an Internal to Internal rule
required when Direct Access is configured correctly.

Thanks!

Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls



-----Original Message-----
From: Jeff Sloan [mailto:jsloan@xxxxxxxxxxxx] 
Sent: Friday, October 01, 2004 9:52 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Traffic denied between internal and local host


http://www.ISAserver.org

But I have had to do that a bunch!
Once I got ISA set up, I could not get to any Internal sites, like
printer and switch web interfaces without setting up destination sets
and allowing them from any internal request, even though outside web
sites worked fine.
And yes, the check box for don't use proxy for internal addresses was
checked.
Addressing was done by IP typed into the address field.

That's how it worked for me, but maybe there was some other reason, but
that fixed it for me.

Jeff Sloan

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Friday, October 01, 2004 9:40 AM
To: ISALists
Subject: [isalist] Re: Traffic denied between internal and local host


Creating a rule that allows internal to internal is silly. There is no
reason for an internal client to use ISA to reach an internal resource.

If this traffic is intended to go from an internal client to an external
site, the rule s/b "Internal" to "External".

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!

----- Original Message ----- 
From: "Watts, Jeb" <Jwatts@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, October 01, 2004 07:12
Subject: [isalist] Traffic denied between internal and local host


I have a rule set up to allow all outbound traffic FROM internal and
local host TO internal and local host for all users. I have a Palm unit
attached to a workstation that communicates to a server on the internet.
The traffic is being denied from the workstation to the ISA server. The
status is 0xc0040014. The application protocol shows "unidentified IP
traffic". According to the old ISA 2000 logs the protocol is http and
the transport is TCP. Any ideas why this traffic is being denied?
Thanks!
 
Jeb


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com No.1 Exchange
Server Resource Site: http://www.msexchange.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

