The way this package works is that is uses the IP address where this request was received to redirect connect to the ISA - not the name (name resolution is often 'iffy' at best). Thus, if the client resolved 'wpad' to an address in its own subnet, then it'll get the configuration appropriate to that network. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] Sent: Monday, July 25, 2005 05:05 To: [ISAserver.org Discussion List] Subject: [isalist] RE: FWC Client and Network within a Network http://www.ISAserver.org Okay, I located the SPS_Wpad file you referenced. After reading through the documentation though, I'm not sure if that will make much of a difference in my situation. I had no problems with WPAD after I took the DNS entry out. The problem was that the ISA server has multiple internal subnets, for example, most of the servers are on the 10.20.1.x subnet, and access the ISA server through 10.20.1.1. The clients on the 10.6.x.x subnet access the ISA server through 10.6.254.90. When it would resolve the DNS WPAD entry, it would attempt to read it from 10.20.1.1 instead of 10.6.254.90, and was denied. I ended up modifying the DHCP scope to point WPAD to the correct IP address instead. I will have to locate and look at the article (link in documentation doesn't work): "Automatically Detect Settings" Does Not Work if you Configure DHCP Option 252, as this sounds suspiciously like the problem I was seeing. -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Friday, July 22, 2005 12:42 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: FWC Client and Network within a Network http://www.ISAserver.org Ah - you're talking about the DNS / DHCP, not the ISA config. Have you tried the SBS_Wpad solution I posted? It'll be interesting to see if it survives the multi-net environment, too, although that's an unlikely scenario when ISA / IIS coexist. -----Original Message----- From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] Sent: Thursday, July 21, 2005 9:10 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: FWC Client and Network within a Network http://www.ISAserver.org Yes, it operates the same, but you have to configure it different. You're still thinking of the "network-behind-a-network" scenario as being the "only" way anyone would ever set up a "complex" network. Reading his other response shows that he IS using that scenario, so you get off lightly on this one... *grin* The point I'm trying to make is that if you have multiple NICs in the ISA server for separate "internal" networks (which you hinted at in another message), then you have to configure the FWC and the WPAD entries differently. Each subnet has to have different configuration entries corresponding to the particular NIC on the ISA server facing that network. -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Thursday, July 21, 2005 8:44 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: FWC Client and Network within a Network http://www.ISAserver.org No, it doesn't. The FW client operates the same regardless of the network environment. Your point about the addresses is exactly what I was talking about the net behind a net doc. -----Original Message----- From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] Sent: Thursday, July 21, 2005 12:52 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: FWC Client and Network within a Network http://www.ISAserver.org That all depends on if he is using the ISA server as the router or if he is using the "network behind a network" scenario. If he is using the ISA server as the central hub/router, then he'll have to put the different addresses of the ISA server for each subnet into the FWC settings. This is related to the wpad conversation we had last week. -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Thursday, July 21, 2005 1:58 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: FWC Client and Network within a Network http://www.ISAserver.org I'm not clear on your concerns... Installing the FWC on a host has nothing to do with whether or not it belongs to network A or Network B. If you want the ISA and "smart clients" (web and FWC) to handle this complex network properly, then follow the instructions in the "net behind a net" doc that you referenced and all should be well... ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Peter [mailto:pladd@xxxxxxxx] Sent: Thursday, July 21, 2005 09:43 To: [ISAserver.org Discussion List] Subject: [isalist] FWC Client and Network within a Network http://www.ISAserver.org I know this question has been discussed in the past but I am concerned about whether or not I should install the FWC on all of my User Workstations or not. Any help would be greatly appreicated. SITE 1: ISA Server 2004, Ext Interface Connected to "Internet" Router. Internal Interface connected to 192.168.10.x subnet that has a PPP connection via a second router to SITE 2 and SITE 3. All Servers (mail, web, domain et al local to site 1. SITE 2: Connected to Site 1 and Site 3 via PPP. Local subnet 192.168.20.x. No direct connection to the Internet. SITE 3: Connect to Site 1 and Site 2 via PPP. Local subnet 192.168.25.x. No direct connection to the Internet. SITE 2 and SITE 3 connect to the Internet via the ISA Server on SITE 1. Question: Should I install the FIREWALL Client on all Desktops at EACH SITE. In Tom's book there are references to using both the Secure NAT and the FWC on the remote subnets. I am confused by this. Also, I reply by Thor (grealy appreciated btw) references installing the FWC on the Desktops at the Remote sites but using their local router as the DGW. Ideally, I want to install the FWC on ALL Computers, including the Exchange Servers, DNS, and DC for the added secure communications. But I am not sure if I should do this. I have a lab setup but it is a single subnet lab. Thus, I don't have the equipment to truly test this. If I install the FWC on the desktops of the remote Clients and Servers, should I then put their local router as their DGW? Thank you for any commnets. PS- I really like this board. I have been reading it daily since I discovered it. thakns for all the posts. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.