Re: Web Listeners

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 14 Sep 2004 08:15:26 -0500

Hi Aman,

Proxied requests will work because they're not susceptible to isotropic
bouce. The SecureNAT client is the one most effected by the IB. However,
it will not always work with the Firewall client, so don't bet all your
chips on that hand :-))

Go with the split DNS. You'll live longer, you'll be happier, you'll
stay married longer and you'll get a bigger house some day.

HTH,
Tom 

-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx] 
Sent: Monday, September 13, 2004 2:56 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Web Listeners

http://www.ISAserver.org

Thanks Jim, 

What I meant to say was...
Why its working fine with firewall clients without creating split DNS.

Thanks for ur help. Any idea about the other question ( I think tom's
not online today :) ) 

Scanbuy Inc
Aman Bedi | Systems/Network Administrator
54 West 39th Street, 4th Floor, New York, NY 10018 | Fax +1(212)
202-4318 | Phone +1(212) 278-0178 ext 234 | www.scanbuy.com 

PRIVILEGED & CONFIDENTIAL
The information contained in this email message is intended only for use
of the person or entity to whom it is addressed. The contained
information is CONFIDENTIAL and LEGALLY PRIVILEGED and exempt from
disclosure under applicable laws. If you read this message and are not
the addressee, you are notified that use, dissemination or reproduction
of this message is prohibited. If you have received this message in
error, please notify the sender immediately.
------------------------------------------------------------------------
----
------------------------------------------------------------------------
----
-------------------------------------


-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Monday, September 13, 2004 3:48 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Web Listeners

http://www.ISAserver.org

It also works this way for web proxy and secureNAT clients, it's
dependent
on how name resolution is configured in your environment.
The answer is the same; quit pointing your internal clients to external
listeners to reach internal resources.
Would you ask your guests to go out the front door, around the house and
in
the back door to reach the bathroom that's just around 
the corner?

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!

----- Original Message ----- 
From: "Aman Bedi" <gurkirpal.bedi@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, September 13, 2004 12:42
Subject: [isalist] Re: Web Listeners


http://www.ISAserver.org

Cool,

Thanks Jim

Now I know how it works for firewall clients. ;)

Thanks

About the 2nd part of question addressed to Tom, everyone else is also
requested to comment

------------------------------------------------------------------------
----
------------------------------------------------------------------------
----
-----------------------------------

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Monday, September 13, 2004 3:28 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Web Listeners

http://www.ISAserver.org

Read this:
http://isaserver.org/tutorials/You_Need_to_Create_a_Split_DNS.html

There's no gain to using an external listener to reach an internal
resource...

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!

----- Original Message ----- 
From: "Aman Bedi" <gurkirpal.bedi@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, September 13, 2004 12:07
Subject: [isalist] Web Listeners


http://www.ISAserver.org

Hi everyone.



I have published 2 webservers on our internal domain.



When someone accesses the sites from outside they work fine.

>From internal network, I can access the sites thru local ip, but
doesn't
work thru website name or public ip . (securenat clients)



It works fine for Firewall clients .

Any ides ?



ALSO



tom,

whish one is better, to force a client to be firewall client or to force
them to be proxy client?

i read in ISA 2004 "firewall client credentials are forwarded to the web
proxy service".

This is unlike ISA 2000 .right ?

that means if i force users to be firewall clients only, then i can have
rules based on user credentials ...( which was not possible is isa 2000,
as
u said in ur article that to do so we should force clients to be proxy
clients)

please clarify this point.

Thanks











------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gurkirpal.bedi@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gurkirpal.bedi@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

• » Web Listeners
• » Re: Web Listeners
• » Re: Web Listeners
• » Re: Web Listeners
• » Re: Web Listeners
• » Re: Web Listeners
• » Re: Web Listeners
• » Re: Web Listeners
• » RE: Web Listeners
• » Re: Web Listeners
• » Re: Web Listeners
• » RE: Web Listeners
• » RE: Web Listeners
• » Re: Web Listeners

1. Home
2. isalist
3. Archive
4. 09-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---