RE: Globally set proxy in IE and 2004 VPN question(s)

  • From: "Greg Hess" <gmh@xxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>, "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 21 Jul 2004 11:55:36 -0400

Well, my scenario is that I have a vendor's server that sits on one of my 
networks, that has to talk to a sensitive network that I run, and another 
vendor's network. I would like to hook all three up to ISA 2004 and set up a VPN 
from the one vendor server to reach the other two. Ideas? I can do this? 

         
        tx.
        g.

                -----Original Message----- 
                From: Troy Radtke [mailto:TRadtke@xxxxxxxxxxxx] 
                Sent: Wed 7/21/2004 11:46 AM 
                To: [ISAserver.org Discussion List] 
                Cc: 
                Subject: [isalist] RE: Globally set proxy in IE and 2004 VPN question(s)
                
                

                http://www.ISAserver.org
                
                I really don't have any plans, I have a bunch of servers at home that I have
                set up, and I have some spare VIA C3 systems that I let my friends use as
                web/ftp servers for whatever they want to do with the understanding that I'm
                not responsible if I need more space on my system and "borrow" the boot
                drive to store mpeg clips from my ReplayTV....  This sounds like an
                interesting way of letting them just VPN into their server on their own
                network and keep them off my research/practice/personal domain.....
                
                I'm guessing that's chapter 5 in your new 2004 book, which now I'll be
                forced to buy in addition to all the other ones..... Oh wait, I filled up
                that bookshelf, I'll have to build another one.... Oh, wait, I put the fish
                tank there..... I'll have to move the tv then, but I don't have anywhere
                else in the room with that many plug-ins and cat5 drops....
                
                Damn you and your books! I'll have to build a new room onto the house to put
                them in.... =?)
                
                Troy
                
                -----Original Message-----
                From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
                Sent: Wednesday, July 21, 2004 10:29 AM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: Globally set proxy in IE and 2004 VPN question(s)
                
                
                http://www.ISAserver.org
                
                Hi Troy,
                
                I've included some information in chapter 5 of the book and will include
                even more in the VPN chapter (chapter 8), but I don't think there's anything
                on the Microsoft site yet. There is also some info on RADIUS configuration for
                VPN clients in the ISA 2004 VPN kit
                (www.msfirewall.org/isa2004kits.htm) but not specific for the tri-homed
                setup.
                
                What do you have in mind for your RADIUS plan?
                
                Thanks!
                
                Tom
                www.isaserver.org/shinder
                Get the book!
                Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7
                MVP -- ISA Firewalls
                
                
                
                -----Original Message-----
                From: Troy Radtke [mailto:TRadtke@xxxxxxxxxxxx]
                Sent: Wednesday, July 21, 2004 8:44 AM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: Globally set proxy in IE and 2004 VPN question(s)
                
                
                http://www.ISAserver.org
                
                Is there a write up on this 3+ NIC config with RADIUS somewhere Tom? I've
                used RADIUS with Cisco stuff before, but not Windows based equipment.
                
                TIA
                Troy
                
                -----Original Message-----
                From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
                Sent: Wednesday, July 21, 2004 8:40 AM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: Globally set proxy in IE and 2004 VPN question(s)
                
                
                http://www.ISAserver.org
                
                Hi Greg,
                
                Yes, the update button will refresh the Web Proxy config for the other
                users.
                
                You definitely can VPN to different segments -- just create the appropriate
                access rules. Suppose you have 10 NICs installed on the ISA firewall. You want
                VPN users to access networks attached to the other 9 NICs based on their
                user account and group membership. No problem! That's a no-brainer for the
                ISA firewall. Each NIC can host another organization and you can configure
                access policy to allow users to access the networks they need to without
                allowing them access to other networks. What's cool is you can use RADIUS and
                a list of RADIUS servers to simplify this otherwise complex "federated"
                scenario.
                
                HTH,
                
                Tom
                www.isaserver.org/shinder
                Get the book!
                Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7
                MVP -- ISA Firewalls
                
                
                
                -----Original Message-----
                From: Greg Hess [mailto:gmh@xxxxxxxx]
                Sent: Wednesday, July 21, 2004 8:34 AM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: Globally set proxy in IE and 2004 VPN question(s)
                
                
                http://www.ISAserver.org
                
                Tom,
                
                Thanks for the quick reply! Are you talking the 'update' button in the
                firewall client? Also, can I VPN onto two different segments on the ISA 2004
                box? I've never tried that but have a need.
                
                Greg.
                
                -----Original Message-----
                From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
                Sent: Wednesday, July 21, 2004 9:32 AM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: Globally set proxy in IE and 2004 VPN question(s)
                
                
                http://www.ISAserver.org
                
                Hi Greg,
                
                Subsequent users can use the Firewall client dialog box to set their
                browsers too. Just doesn't happen automatically (sort of like my 1040s don't
                get filed automatically :-)
                
                There are two very good contenders for ISA firewall appliances:
                www.rimapp.com and www.networkengines.com  So far, the Rimapp is more
                "appliancized" with a complete conversion to Web interface -- you never have
                to touch the MMC and can use the Web interface for total firewall
                management.
                
                HTH,
                
                Tom
                www.isaserver.org/shinder
                Get the book!
                Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7
                MVP -- ISA Firewalls
                
                
                
                -----Original Message-----
                From: Greg Hess [mailto:gmh@xxxxxxxx]
                Sent: Wednesday, July 21, 2004 8:27 AM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] Globally set proxy in IE and 2004 VPN question(s)
                
                
                http://www.ISAserver.org
                
                Hey everybody!
                
                I noticed that installing the firewall client sets up the IE settings for
                proxy etc. However, if there is more than one profile on the PC, it does not
                set these IE settings for the other profiles. Is there any way
                (non-GPO) to do this? It would help a lot. I've looked at the registry
                settings, but have yet to find a way to set these settings globally.
                
                 - Also -
                
                I would like to set up an isa 2004 appliance (are those ready yet?) between
                three networks such that one machine from one network can vpn in and connect
                to the other two, is this possible, or am I good looking? (I used to say
                crazy, but that was just asking for trouble)
                
                Tx!
                
                -----Original Message-----
                From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
                Sent: Wednesday, July 21, 2004 9:25 AM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: question
                
                
                http://www.ISAserver.org
                
                Hi Ricky,
                
                http://www.amazon.com/exec/obidos/ASIN/1928994296/
                
                ;-)
                
                HTH,
                
                Tom
                www.isaserver.org/shinder
                Get the book!
                Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7
                MVP -- ISA Firewalls
                
                
                
                -----Original Message-----
                From: Chan Ricky-NYKSYPL [mailto:Chan-R@xxxxxxxxxxxxxxx]
                Sent: Wednesday, July 21, 2004 8:05 AM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: question
                
                
                http://www.ISAserver.org
                
                Hi Tom,
                
                Sorry that I didn't respond to your email yesterday because I left my
                office already.
                
                To answer your question, I didn't configure the dial-up entry in ISA
                interface. Can you tell me how to do it?
                
                Please let me know.
                
                Thanks a lot.
                Ricky
                
                -----Original Message-----
                From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
                Sent: Tuesday, July 20, 2004 6:00 PM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: question
                
                
                http://www.ISAserver.org
                
                Hi Ricky,
                
                Have you configured the dial-up entry yet in the ISA interface?
                
                HTH,
                
                
                Tom
                www.isaserver.org/shinder
                Get the book!
                Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7
                MVP -- ISA Firewalls
                
                
                
                -----Original Message-----
                From: Chan Ricky-NYKSYPL [mailto:Chan-R@xxxxxxxxxxxxxxx]
                Sent: Tuesday, July 20, 2004 4:22 PM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: question
                
                
                http://www.ISAserver.org
                
                COOL!!!!
                
                Now, I can ping my local server.
                
                But my client is still not able to ping the public address....
                
                Please help.
                
                Ricky
                
                -----Original Message-----
                From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
                Sent: Tuesday, July 20, 2004 5:17 PM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: question
                
                
                http://www.ISAserver.org
                
                Hi Ricky,
                
                If you can ping the internal interface of the ISA 2000 firewall, it
                indicates your LAT might be messed up. What entries are in your LAT? Make
                sure they include only your internal network ID.
                
                HTH,
                
                Tom
                www.isaserver.org/shinder
                Get the book!
                Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7
                MVP -- ISA Firewalls
                
                
                
                -----Original Message-----
                From: Chan Ricky-NYKSYPL [mailto:Chan-R@xxxxxxxxxxxxxxx]
                Sent: Tuesday, July 20, 2004 3:52 PM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: question
                
                
                http://www.ISAserver.org
                
                Tom,
                
                I'm using ISA server 2000 here. What is your suggestion to solve this
                problem? I'm sorry. I'm a newbie in ISA server.
                
                Thanks
                Ricky
                
                -----Original Message-----
                From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
                Sent: Tuesday, July 20, 2004 4:50 PM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: question
                
                
                http://www.ISAserver.org
                
                Hi Ricky,
                
                If this is an ISA Server 2000 firewall and the SecureNAT client on the
                internal network can't ping the internal interface of the firewall, there
                are some more pressing issues here.
                
                If you're using an ISA 2004 firewall, then this is normal.
                
                HTH,
                
                Tom
                www.isaserver.org/shinder
                Get the book!
                Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7
                MVP -- ISA Firewalls
                
                
                
                -----Original Message-----
                From: Chan Ricky-NYKSYPL [mailto:Chan-R@xxxxxxxxxxxxxxx]
                Sent: Tuesday, July 20, 2004 3:30 PM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: question
                
                
                http://www.ISAserver.org
                
                Thanks Tom.
                
                However, I followed your article
                http://www.isaserver.org/articles/snatdns.html to setup ISA server, but my
                internal client is still not able to ping the public address. Now, I can't even
                ping the server internal address.
                
                ISA server:
                LAN IP address: 2.2.2.2/24
                WAN IP address: DHCP - obtain by DSL
                
                local client:
                IP address: 2.2.2.4/24
                default gateway: 2.2.2.2
                
                Now, my local client can't ping 2.2.2.2 at all. Would you tell me why?
                
                Thanks
                Ricky
                
                -----Original Message-----
                From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
                Sent: Tuesday, July 20, 2004 11:44 AM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: question
                
                
                http://www.ISAserver.org
                
                Hi Ricky,
                
                If you have configured the clients as a SecureNAT client, and enabled IP
                Routing on the ISA 2000 firewall, then that's all you can do from the
                firewall's perspective.
                
                HTH,
                
                Tom
                www.isaserver.org/shinder
                Get the book!
                Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7
                MVP -- ISA Firewalls
                
                
                
                -----Original Message-----
                From: Chan Ricky-NYKSYPL [mailto:Chan-R@xxxxxxxxxxxxxxx]
                Sent: Tuesday, July 20, 2004 9:33 AM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: question
                
                
                http://www.ISAserver.org
                
                I enabled IP routing, my internal client is still not able to see/ping public
                address. Basically, we have an OWA 2003 server which is on the public
                address. I would like to configure isa server, so that it will allow our
                internal client to connect their outlook using "RPC OVER HTTP". Please
                advise.
                
                Thanks
                Ricky
                
                -----Original Message-----
                From: Tom Rogers [mailto:trogers@xxxxxxxxxxxxxxxxxx]
                Sent: Friday, July 16, 2004 11:12 AM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: question
                
                
                http://www.ISAserver.org
                
                Enable IP Routing - right click on IP Packet Filters under Access Policy.
                
                -TRR
                
                > -----Original Message-----
                > From: Chan Ricky-NYKSYPL [mailto:Chan-R@xxxxxxxxxxxxxxx]
                > Sent: Friday, July 16, 2004 11:00 AM
                > To: [ISAserver.org Discussion List]
                > Subject: [isalist] question
                >
                >
                
                
