Re: Help :(

• From: "Jim Harrison" <jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Sun, 9 Sep 2001 08:28:18 -0700

Maybe that's the key; I never tried that.
My attempts to server publish DNS on the ISA itself failed, even though I
told DNS to only use the internal interface.
Only packet filtering would do the trick.  Maybe I'll try that, though I
doubt if I'll keep it.  I like having alerts.

Jim Harrison
MCP(2K), A+, Network+, PCG

----- Original Message -----
From: "Thomas W. Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Saturday, September 08, 2001 8:08 PM
Subject: [isalist] Re: Help :(


http://www.ISAserver.org


Hi Jim,

What sort of issues have you seen with DNS? Seems to work OK once I
disable the DNS intrustion detection filter :-)

Thanks!

Tom
www.isaserver.org/shinder

Thomas W Shinder, M.D., MCSE, MCT

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Saturday, September 08, 2001 8:41 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Help :(


http://www.ISAserver.org


In preference order:
1. Server publish to an internal server.  As you've noticed, some
services on the ISA don't play right with server publishing rules (DNS
comes to mind).
2. Server publish on the ISA with the app bound only to the internal IP
3. Packet filters with the app bound to all NICs

Jim Harrison
MCP(2K), A+, Network+, PCG

----- Original Message -----
From: Mark Strangways
To: [ISAserver.org Discussion List]
Sent: Saturday, September 08, 2001 5:03 PM
Subject: [isalist] Re: Help :(


http://www.ISAserver.org


I can bind it to the internal address, but that didn't work for me. But
then again It might have been my incorrect port selection.
I will try it again, as I suppose it's better to have only the server
pub rules with there appropriate protocol definitions.
What is the most secure way ? Other than not using it to begin with :)

Thanks,

Mark
----- Original Message -----
From: Jim Harrison
To: [ISAserver.org Discussion List]
Sent: Saturday, September 08, 2001 7:58 PM
Subject: [isalist] Re: Help :(


http://www.ISAserver.org


Yep; unless you can bind the app to only the internal NIC, in which case
the packet filters are superfluous and server publishing should be just
fine.

Jim Harrison
MCP(2K), A+, Network+, PCG

----- Original Message -----
From: Mark Strangways
To: [ISAserver.org Discussion List]
Sent: Saturday, September 08, 2001 4:56 PM
Subject: [isalist] Re: Help :(


http://www.ISAserver.org


The app requires 5500,5501,5502,5503 be available .
I have created 4 Packet filters, and 4 publishing rules, as well as 4
protocol rules, (inbound).
I covered all angles, now what should I just need ? The packet filters ?

regards,

Mark
----- Original Message -----
From: Jim Harrison
To: [ISAserver.org Discussion List]
Sent: Saturday, September 08, 2001 7:44 PM
Subject: [isalist] Re: Help :(


http://www.ISAserver.org


1. Check your IPEXT...log for refusals; "Blocked"
2. Check your FWEXT...log for acceptance. "Accept" is inbound, "Connect"
is outbound.

Are you sure the app doesn't need secondary connections?  Those aren't
available in Packet Filters.

Jim Harrison
MCP(2K), A+, Network+, PCG

----- Original Message -----
From: Mark Strangways
To: [ISAserver.org Discussion List]
Sent: Saturday, September 08, 2001 1:14 PM
Subject: [isalist] Help :(


http://www.ISAserver.org


Hi all,

I'm trying to publish a server on my isa box at port 5500... but I
cannot get it to work.
I have the server publishing rule in place, and have made packet
filters.
But the app doesn't connect and respond to clients, and at this point I
don't know if ISA is accepting the remote client.

Any suggestions ?

Thanks,

Mark
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
strangconst@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
strangconst@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Help!
• » RE: Help!
• » RE: Help!
• » Help
• » RE: Help
• » RE: Help
• » RE: Help
• » Help
• » RE: Help
• » RE: Help
• » RE: Help
• » RE: Help
• » Help!!!
• » RE: Help!!!
• » RE: Help!!!
• » RE: Help!!!
• » RE: Help!!!
• » RE: Help!!!
• » RE: Help!!!
• » RE: Help!!!
• » RE: Help!!!
• » RE: Help!!!
• » RE: Help!!!
• » Help
• » RE: Help
• » Help
• » Re: Help
• » Help :(
• » Re: Help :(
• » Re: Help :(
• » Re: Help :(
• » Re: Help :(
• » Re: Help :(
• » Re: Help :(
• » Re: Help :(
• » Re: Help :(
• » Re: Help :(
• » Re: Help :(
• » Help!
• » Re: Help!

1. Home
2. isalist
3. Archive
4. 09-2001

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---