RE: how to manage using ISA behind a leased line

  • From: "cismic" <cismic@xxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 2 Jan 2002 16:12:08 -0800

Yeah, I agree on that. I think I'll push to get another machine set up.
Good thing that I've kept SQL off all main pages in the site. I can
quickly put a standard page out stating that the site is offline for
maintenance.
Thanks for the input!

Joseph

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Wednesday, January 02, 2002 4:07 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: how to manage using ISA behind a leased line


http://www.ISAserver.org



..a problem for what client operating in which network using what
protocols? SQL (depending on version, of course) can be operated using
any combination of NetBIOS or SQL (TCP-1433, 1434) protocols requiring
either Kerberos or NTLM authentication. This makes DMZ SQL operations
very picky..

Jim Harrison
MCP(NT4, 2K), A+, Network+, PCG http://isaserver.org/authors/harrison/
Read the book!


----- Original Message -----
From: "cismic" <cismic@xxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, January 02, 2002 15:12
Subject: [isalist] RE: how to manage using ISA behind a leased line



Jim,
My internal ISA box crashed and I've not had a chance to get another one
setup. Is it a problem to run a simple sql machine in the DMZ? Thanks

Joseph

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Wednesday, January 02, 2002 3:05 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: how to manage using ISA behind a leased line



You can't apply the "securing firewall clients" to secureNAT clients
because they're fundamentally different. Take a read in here for
details:
http://isaserver.org/authors/harrison/tutoials/isa-clients-part1.htm
http://isaserver.org/authors/harrison/tutoials/isa-clients-part2.htm
http://isaserver.org/authors/harrison/tutoials/isa-clients-part3.htm

Jim Harrison
MCP(NT4, 2K), A+, Network+, PCG http://isaserver.org/authors/harrison/
Read the book!


----- Original Message -----
From: "Gérard Dumazet" <gdumazet@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, January 02, 2002 14:12
Subject: [isalist] RE: how to manage using ISA behind a leased line



Jim, thanks again. I think this time the situation is clear for me;
unfortunately I can't try it now as I am not in front of the network,
but I will do it next week and let you know. Your tutorial explains all of
this, but the point was that I had no hand on the routers, which are
managed from outside, and was not able to check the gateways properly.

Last point, for information only: in the last page of the tutorial you
mention the configuration for securing firewall clients. Can this
config be compatible with SecureNAT clients? I understood one way or
the other for all subnets. I ask this in case one of the clients needs in
the future to be a firewall client in my config.


-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Wednesday, 2 January 2002 15:32
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: how to manage using ISA behind a leased line



ISA must also have a route to site B.  You enable this by adding site
B's subnet to the ISA routing table. If you have RRAS installed, enter
it there. If no RRAS on the ISA, use the "route -p add <subnet> mask
<netmask> <gateway>" command. In your case, the command would be "route
-p add 192.168.1.0 mask 255.255.255.0 192.168.2.1"

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/
Read the book!
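
The routing behaviour described in the reply above, as an added example that is not part of the original thread: a Python model of the ISA box's routing table, built from the addresses posted in the thread, showing which interface replies to site B leave on before and after the persistent route is added. The /24 masks on the two NICs, the sample client 192.168.1.10 and all function names are assumptions.

```python
import ipaddress

def parse_route_add(cmd):
    """Parse 'route -p add <subnet> mask <netmask> <gateway>' into (network, gateway)."""
    tok = cmd.split()
    if "add" not in tok or "mask" not in tok:
        raise ValueError("not a 'route add ... mask ...' command")
    m = tok.index("mask")
    subnet, netmask, gateway = tok[m - 1], tok[m + 1], tok[m + 2]
    # ip_network is strict by default: a subnet with host bits set is rejected
    net = ipaddress.ip_network(f"{subnet}/{netmask}")
    return net, ipaddress.ip_address(gateway)

def add_route(table, cmd):
    """Return a new table with the route added; the gateway must be on-link."""
    net, gw = parse_route_add(cmd)
    for dest, via, nic in table:
        if via is None and gw in dest:      # directly connected subnet
            return table + [(net, gw, nic)]
    raise ValueError(f"gateway {gw} is not on a directly connected subnet")

def next_hop(table, dst):
    """Longest-prefix match: return (gateway or 'on-link', nic) for dst."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in table if dst in r[0]]
    if not matches:
        raise LookupError(f"no route to {dst}")
    dest, via, nic = max(matches, key=lambda r: r[0].prefixlen)
    return (str(via) if via else "on-link", nic)

# Constructed from the thread: ISA in site A, internal NIC with no gateway,
# external NIC defaulting to the ADSL router. The /24 masks are assumed.
ISA_TABLE = [
    (ipaddress.ip_network("192.168.2.0/24"), None, "internal"),
    (ipaddress.ip_network("192.168.3.0/24"), None, "external"),
    (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("192.168.3.1"), "external"),
]
SITE_B_CLIENT = "192.168.1.10"   # hypothetical site B host

if __name__ == "__main__":
    # Without the static route, replies to site B follow the default route
    # out of the external NIC and never reach the leased-line router.
    print("before:", next_hop(ISA_TABLE, SITE_B_CLIENT))
    fixed = add_route(ISA_TABLE, "route -p add 192.168.1.0 mask 255.255.255.0 192.168.2.1")
    print("after: ", next_hop(fixed, SITE_B_CLIENT))
```
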

----- Original Message -----
From: "Gerard Dumazet" <gdumazet@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, January 02, 2002 03:09
Subject: [isalist] RE: how to manage using ISA behind a leased line



Sorry for my English. I read your reply carefully and just realised my
question was not clear.

I have only one ISA in site A - no Exchange server
2 subnets and one domain with a PDC in site B and a BDC in site A

site A 192.168.2.0 bdc2000 + ISA internal NIC 192.168.2.0 gateway : none
external NIC 192.168.3.2 gateway 192.168.3.1 adsl router

In site A all clients are SecureNAT clients: internet fine, smtp/pop fine
for Outlook Express. All clients can share with site B, having set up static
and permanent routes to site B with 192.168.2.1 as gateway.

site B 192.168.1.0 pdc2000 AD NIC 192.168.1.2

no ISA, no EXCHANGE

How to configure any client of site B to be able to be a SecureNAT
client for ISA on site A

and

to access shared resources in site A?

Pointing the default gateway on site B's router does not help.






-----Original Message-----
From: Gallop, George [mailto:George.Gallop@xxxxxxxxxx]
Sent: Tuesday, 1 January 2002 23:27
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: how to manage using ISA behind a leased line



Happy New Year.

I am struggling with understanding your English, sorry.

I am no guru, but possibly if I explain what I understood of the problem
we can try and all help?  I have a suggested solution below, so if
anyone wants to comment further...

Site A: 192.168.2.x
Site B: 192.168.1.x

Both Sites connect through a leased line:
Router is 192.168.2.1 for site A
and 192.168.1.1 Site B

DC / possibly Exchange Server in each site and also ISA Server (?):

Site A 192.168.2.2
Site B 192.168.1.2 (?)


I think for clients to access the DC's in each site, you need to do the
following:

1. Set the Default gateway on the secure NAT clients to the ISA server
in the site.
2. On the ISA Server in each site set a static route
something like (depending on your subnet mask):

Site B's ISA Server:
route add -p 192.168.2.0 mask 255.255.255.0 192.168.1.1 metric

Site A's ISA Server:
route add -p 192.168.1.0 mask 255.255.255.0 192.168.2.1 metric

3. In the LAT for the ISA Server ensure the remote network 192.168.x.x
is there.

Lastly, I am not sure but would the clients using SNAT also need a
static route to the remote network, anyone?

Kind regards, George


-----Original Message-----
From: dumazet [mailto:gdumazet@xxxxxxxxxxx]
Sent: Wednesday, 2 January 2002 4:39 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] how to manage using ISA behind a leased line


First of all, happy new year to everyone, especially to those who are
managing this helpful list.

I already asked such a question one week ago but didn't succeed in
getting the right answer, so I formulate my problem again.

It is a small company with 6 boxes in the center of Paris (site A 192.168.2.0)
and another office with 10 boxes (site B 192.168.1.0).

Both offices are connected through a leased line with Cisco 800 routers
having addresses 192.168.2.1 for site A and 192.168.1.1 for site B.

A Win 2K PDC with AD is in site B and another in site A 192.168.2.2.

Each box in each site has to connect to shared applications or folders
in one or the other site. Until now everything was working fine.

To give users access to the internet and be able to use Outlook Express
for internet mail, we just installed ISA on the BDC of site A:
192.168.2.2, waiting for a better time to use another independent server. We
are using a Bewan router on the ADSL line, ok.

Everything is working fine for site A with SecureNAT clients (http, smtp,
pop3), even able to use shared folders on site B using add -p routes to
site B.

But we don't know what to do for site B.

On the internal NIC of ISA 192.168.2.2 we can't include a gateway on the
router of site A 192.168.2.1; accordingly the boxes of site B can't
connect to the shared folders or applications running on the ISA box.

All boxes of site B have the router of site B as gateway 192.168.1.1, but
this does not help them to be SecureNAT clients for ISA on site A.

Applications don't work anymore and internet is useless.

I am sure for most of you this routing problem should be quite easy to
solve, and I just saw one message also on this list near mine, but no one
gave an idea, and this is why I ask again.

Thanks for any idea.

