smtp pop3
- From: "Bob Cheeseman" <bob@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Sun, 26 Aug 2001 13:57:31 -0400
Is it possible for unauthenticated clients on an sbs 2000
network with ISA, to send and receive mail without
uninstalling the firewall client?
Packet filter?
Bob Cheeseman
-----Original Message-----
From: David Dellanno [mailto:david@xxxxxxxxxx]
Sent: Saturday, August 25, 2001 11:24 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: What are most people doing?
http://www.ISAserver.org
Hi Carl,
VPN purpose is intended for clients outside the Corporate
Network
and not behind the ISA2000 network. Assuming that the client
belongs to the
Corporate A's network and then has physically moved outside
of the Corp A's
network. The client computers that are outside the
Corporate Network that
have the Firewall Client installed would not have that
symptom that you are
facing since first the Firewall Client can no longer
establish a connection
to the ISA2000 server from the outside, the Firewall Client
would be
disabled automatically. So if they were either at home or
in another
companies network, you would not have a problem able to
access web sites,
file shares, or other mail servers on a different network.
In your case, it sounds like you are behind another ISA2000
server
that your Firewall Client communicates with (let's say
Network B), and you
are trying to establish a VPN client session into another
network. Since
you have not left the network, your Firewall Client can
still communicate
with your ISA2000 and it will not automatically disable
itself.
Remember when you establish a VPN client connection, your
computer
is now acting as a multi-home computer and needs ip
forwarding to function
but having the Firewall Clients enabled, its main function
is to establish a
continuous TCP session with the ISA2000 to support Winsock
applications. My
guess is that the Firewall Client when enabled, disables IP
Forwarding or
forces the computer to only communicate with the ISA2000
server. This looks
to me that this is by design, and the Firewall Client was
not intended to
establish a VPN client session behind the firewall. If you
do want to
establish a VPN for client session to another site behind
the firewall, the
best practice would be to have ISA establish the LAN to LAN
VPN, to your
corporate site to allowing ISA to support the routing
request. The
work-around, looks like you already found it, by disabling
the Firewall
Client to establish your vpn session.
HTH,
Dave
-----Original Message-----
From: carl [mailto:carl@xxxxxxxxxxx]
Sent: Friday, August 24, 2001 4:53 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: What are most people doing?
http://www.ISAserver.org
The problem that I have with the firewall client is that
when I VPN into
a corporate site, I cannot access internal web sites, mail
servers or
file shares at that corporate site unless I disable the
firewall after I
connect. Anyone have any ideas how to solve this?
Carl
-----Original Message-----
From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Friday, August 24, 2001 3:27 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: What are most people doing?
http://www.ISAserver.org
Hi Adam,
This is a subject near and dear to my heart. :-)
All computers that support the Firewall client should have
it installed.
It will make a lot of things that you want to do easier to
do. Although,
the exception is published servers, don't install it on the
servers you
want to publish.
The SecureNAT client configuration is really meant for
clients that do
not support the Firewall client installation, or for
published servers.
Also, ALL clients should be configured as Web Proxy clients.
I don't
think there's a browser out in use now that isnt' CERN
compliant.
IMHO,
Tom
www.isaserver.org/shinder
Thomas W Shinder, M.D., MCSE, MCT
-----Original Message-----
From: Adam.Staub@xxxxxxxxxxxxx
[mailto:Adam.Staub@xxxxxxxxxxxxx]
Sent: Friday, August 24, 2001 2:25 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] What are most people doing?
http://www.ISAserver.org
What is the consensus? Most of you putting the Firewall
clients on your
machines? Or are you trying to control everything via the
web proxy and
Client Address sets?
Adam
************************************************************
*********
Note: This E-mail and any attachments may be privileged and
confidential
and protected from disclosure. If the reader of this
message is not the
intended recipient, or an employee or agent responsible for
delivering
this message to the intended recipient, you are hereby
notified that any
disclosure, copying, distribution or use of this E-mail and
any
attachments is strictly prohibited. If you have received
this E-mail in
error, please notify us immediately by returning it to the
sender and
deleting it from your computer system. Thank you for your
cooperation.
************************************************************
**********
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank
email to
$subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as:
carl@xxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as:
david@xxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as: bob@xxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
Other related posts:
