I've got a split DNS. Always have had. R. -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Tuesday, September 14, 2004 9:16 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Fw: ISA Server 2004 Issues Followup http://www.ISAserver.org Hi Rob, Remember what I said about split DNS. That's for you too :-) There is an article on the www.isaserver.org site on DNS considerations for branch office deployments and it, of course, extols the virtues of the split DNS. Check it out and let us know if you have questions on it. HTH, Tom -----Original Message----- From: Rob Moore [mailto:RMoore@xxxxxxxx] Sent: Monday, September 13, 2004 2:11 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Fw: ISA Server 2004 Issues Followup http://www.ISAserver.org More quirkiness--When I publish a web server on the ISA 2004 box, it works just fine internally and externally, but my remote sites can't load the pages. They can ping them by name or address, but can't load them in IE (neither by name nor address). Also, my RDP sessions are very unstable now (I'm using the firewall for my default gateway). Thanks, Rob -----Original Message----- From: Rob Moore Sent: Monday, September 13, 2004 1:57 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Fw: ISA Server 2004 Issues Followup http://www.ISAserver.org I think I've done that. In "1" I assume you mean the routing table for the ISA 2004 server, right? I've got that. I've also done "2". Clint Denham's article says I should also create Subnet Objects (in ISA 2004) for these subnets. He says: "Once all of these address ranges are included in the Network, you should go into the Firewall Policy -> Toolbox -> Network Objects and create new "Subnets" for the .0, .10, .20 and .30 [his sample subnets] subnets and then create Firewall Policy Access Rules that apply to the Subnets instead of the "Network"." I created one rule with the intent of allowing all traffic to pass between the remote subnets and the home network. Since I did that, things are working better, but still not perfectly. For example, DNS traffic seems to pass very slowly, and drive mappings don't pass through at all (e.g., when I RDP to a remote server, my local drive mappings don't connect, though I can ping from the remote server to the ISA 2004 box here in Philadelphia; this all worked just fine with my ISA 2000 box). Tearing my hair out... Rob -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Monday, September 13, 2004 1:21 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Fw: ISA Server 2004 Issues Followup http://www.ISAserver.org 1 - make sure the ISA routing table understands that subnet "S" is reachable through interface "I". 2 - add subnet "S" to the network object that services interface "I" using the "addresses" tab in "Properties" Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ----- Original Message ----- From: "Rob Moore" <RMoore@xxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, September 13, 2004 08:27 Subject: [isalist] Re: Fw: ISA Server 2004 Issues Followup http://www.ISAserver.org Hi Jim-- Can you tell me how to "associate Ipsets with existing network objects"? I think this is what I need to do--I have a bunch of non-local subnets that are VPN'd (through third-party site-to-site VPN appliances) into the home office network. At this point I'm getting quirky connection berween the home office network and the remote networks. Thanks, Rob -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Monday, September 13, 2004 11:13 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Fw: ISA Server 2004 Issues Followup http://www.ISAserver.org This is asking for trouble. You can't create a network object for specific IPs; although you can associate IPsets with existing network objects (this is how you associate non-local subnets with network objects). RIS operates with DHCP; if you have to combine boxes, combine those two, not ISA. You *can* combine IIS with ISA, but why? If you need all that and a bag-o'-chips, then buy SBS; it's built and designed to give you an all-in-one scenario. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ----- Original Message ----- From: <vesterby@xxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, September 13, 2004 07:15 Subject: [isalist] Fw: ISA Server 2004 Issues Followup http://www.ISAserver.org I tried implementing the suggestions that both Jim and Tom made to resolve the Java app issue, but none of them worked. It seems the only way I'm going to resolve this is to give the java app users static IP addresses, create a separate network object with those IP addresses with authentication turned off, and then create a new access rule with the new network object. Any other suggestions on that? I have another issue. My company wants me to implement Microsoft SUS and RIS on the same box as ISA Server 2004. I found out that SUS listens on port 80, is dependent on IIS, and can't be changed (according to Microsoft). Any problems with reconfiguring the ISA server listeners to listen on ports other than port 80 to avoid potential conflicts? Thanks. ---------- Forwarded Message ---------- Recall that I mentioned we are currently using Proxy Server 2.0 and are going to get rid of it in favor of ISA Server 2004. When we addressed the java application issue for Proxy 2.0, we fixed the problem by installing the Proxy Client software on the client's workstations. This enabled the users to connect to the java application via Winsock and everything worked. The authentication issue didn't matter. In order to fix this issue, isn't there a way to do something similar in ISA Server 2004? I did try installing the Firewall Client software on my workstation and attempted to access the java application with that, but it didn't work. Should I explore the option of using SecureNat? I appreciate the help. ________________________________________________________________ Get your name as your email address. Includes spam protection, 1GB storage, no ads and more Only $1.99/ month - visit http://www.mysite.com/name today! ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rmoore@xxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rmoore@xxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rmoore@xxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rmoore@xxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx