Re: Fw: ISA Server 2004 Issues Followup

• From: "Rob Moore" <RMoore@xxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 14 Sep 2004 11:50:51 -0400

I've got a split DNS. Always have had.

R. 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Tuesday, September 14, 2004 9:16 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Fw: ISA Server 2004 Issues Followup

http://www.ISAserver.org

Hi Rob,

Remember what I said about split DNS. That's for you too :-)

There is an article on the www.isaserver.org site on DNS considerations
for branch office deployments and it, of course, extols the virtues of
the split DNS.

Check it out and let us know if you have questions on it.

HTH,
Tom 

-----Original Message-----
From: Rob Moore [mailto:RMoore@xxxxxxxx]
Sent: Monday, September 13, 2004 2:11 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Fw: ISA Server 2004 Issues Followup

http://www.ISAserver.org

More quirkiness--When I publish a web server on the ISA 2004 box, it
works just fine internally and externally, but my remote sites can't
load the pages. They can ping them by name or address, but can't load
them in IE (neither by name nor address). Also, my RDP sessions are very
unstable now (I'm using the firewall for my default gateway).

Thanks,
Rob

-----Original Message-----
From: Rob Moore
Sent: Monday, September 13, 2004 1:57 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Fw: ISA Server 2004 Issues Followup

http://www.ISAserver.org

I think I've done that. In "1" I assume you mean the routing table for
the ISA 2004 server, right? I've got that.

I've also done "2".

Clint Denham's article says I should also create Subnet Objects (in ISA
2004) for these subnets. He says: "Once all of these address ranges are
included in the Network, you should go into the Firewall Policy ->
Toolbox -> Network Objects and create new "Subnets" for the .0, .10, .20
and .30 [his sample subnets] subnets and then create Firewall Policy
Access Rules that apply to the Subnets instead of the "Network"." I
created one rule with the intent of allowing all traffic to pass between
the remote subnets and the home network. Since I did that, things are
working better, but still not perfectly. For example, DNS traffic seems
to pass very slowly, and drive mappings don't pass through at all (e.g.,
when I RDP to a remote server, my local drive mappings don't connect,
though I can ping from the remote server to the ISA 2004 box here in
Philadelphia; this all worked just fine with my ISA 2000 box).

Tearing my hair out...

Rob

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Monday, September 13, 2004 1:21 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Fw: ISA Server 2004 Issues Followup

http://www.ISAserver.org

1 - make sure the ISA routing table understands that subnet "S" is
reachable through interface "I".
2 - add subnet "S" to the network object that services interface "I"
using the "addresses" tab in "Properties"

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!

----- Original Message -----
From: "Rob Moore" <RMoore@xxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, September 13, 2004 08:27
Subject: [isalist] Re: Fw: ISA Server 2004 Issues Followup


http://www.ISAserver.org

Hi Jim--

Can you tell me how to "associate Ipsets with existing network objects"?
I think this is what I need to do--I have a bunch of non-local subnets
that are VPN'd (through third-party site-to-site VPN appliances) into
the home office network. At this point I'm getting quirky connection
berween the home office network and the remote networks.

Thanks,
Rob

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Monday, September 13, 2004 11:13 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Fw: ISA Server 2004 Issues Followup

http://www.ISAserver.org

This is asking for trouble.
You can't create a network object for specific IPs; although you can
associate IPsets with existing network objects (this is how you
associate non-local subnets with network objects).
RIS operates with DHCP; if you have to combine boxes, combine those two,
not ISA.
You *can* combine IIS with ISA, but why?
If you need all that and a bag-o'-chips, then buy SBS; it's built and
designed to give you an all-in-one scenario.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!

----- Original Message -----
From: <vesterby@xxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, September 13, 2004 07:15
Subject: [isalist] Fw: ISA Server 2004 Issues Followup


http://www.ISAserver.org


I tried implementing the suggestions that both Jim and Tom made to
resolve the Java app issue, but none of them worked.  It seems the only
way I'm going to resolve this is to give the java app users static IP
addresses, create a separate network object with those IP addresses with
authentication turned off, and then create a new access rule with the
new network object.  Any other suggestions on that?

I have another issue.  My company wants me to implement Microsoft SUS
and RIS on the same box as ISA Server 2004.  I found out that SUS
listens on port 80, is dependent on IIS, and can't be changed (according
to Microsoft).  Any problems with reconfiguring the ISA server listeners
to listen on ports other than port 80 to avoid potential conflicts?
Thanks.

---------- Forwarded Message ----------

Recall that I mentioned we are currently using Proxy Server 2.0 and are
going to get rid of it in favor of ISA Server 2004.  When we addressed
the java application issue for Proxy 2.0, we fixed the problem by
installing the Proxy Client software on the client's workstations.  This
enabled the users to connect to the java application via Winsock and
everything worked.  The authentication issue didn't matter.

In order to fix this issue, isn't there a way to do something similar in
ISA Server 2004?  I did try installing the Firewall Client software on
my workstation and attempted to access the java application with that,
but it didn't work.  Should I explore the option of using SecureNat?  I
appreciate the help.


________________________________________________________________
Get your name as your email address.
Includes spam protection, 1GB storage, no ads and more Only $1.99/ month
- visit http://www.mysite.com/name today!

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
rmoore@xxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
rmoore@xxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
rmoore@xxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
rmoore@xxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

• » Fw: ISA Server 2004 Issues Followup
• » Re: Fw: ISA Server 2004 Issues Followup
• » Re: Fw: ISA Server 2004 Issues Followup
• » Re: Fw: ISA Server 2004 Issues Followup
• » Re: Fw: ISA Server 2004 Issues Followup
• » Re: Fw: ISA Server 2004 Issues Followup
• » Re: Fw: ISA Server 2004 Issues Followup
• » Re: Fw: ISA Server 2004 Issues Followup
• » Re: Fw: ISA Server 2004 Issues Followup
• » Re: Fw: ISA Server 2004 Issues Followup

1. Home
2. isalist
3. Archive
4. 09-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---