[isalist] Re: Help with access rules (no preaching please)

  • From: "John T \(lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 12 Oct 2007 13:33:47 -0700

Gee Tom, you broke the rule, no preaching.

 

John T

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Thomas W Shinder
Sent: Friday, October 12, 2007 1:17 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Help with access rules (no preaching please)

 

I don't want to step into something that I have no knowledge whatsoever
about, but shouldn't the add-on vendor have some very explicit instructions
on how to configure this?

 

Tom

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Roy Tsao
Sent: Friday, October 12, 2007 11:01 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Help with access rules (no preaching please)

 

ISA shall be placed as downstream if authentication is required but
I am still wondering if such downstream scenario works because IWSS
and ISA seem looped on same machine.

----- Original Message ----- 

From: Jim Harrison <mailto:Jim@xxxxxxxxxxxx>  

To: isalist@xxxxxxxxxxxxx 

Sent: Friday, October 12, 2007 9:56 PM

Subject: [isalist] Re: Help with access rules (no preaching please)

 

Amy,

 

Actually, that's not true.  In the context of the traffic flow from the
client to the endpoint server, ISA _is_ either "upstream" or "downstream"
from IWSS, regardless of where IWSS is installed.

..lemme 'splain:

 

Traffic doth flow thusly:

(ISA downstream) Client --> ISA --> IWSS --> Web Server

..or thusly:

(ISA upstream) Client --> IWSS --> ISA --> Web Server

 

It doesn't matter that the two applications share the same processor space;
the traffic still flows serially.

In either case, ISA policies will determine whether or not IWSS gets the
traffic, but the simpler scenario is defined when ISA is "upstream" from
IWSS because you don't have to configure (and manage) ISA web chaining rules
to accomplish the task.

 

Jim

 

  _____  

From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf
Of Amy Babinchak [amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
Sent: Friday, October 12, 2007 6:03 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Help with access rules (no preaching please)

Nathan,

 

Your ISA box is neither upstream nor downstream because you are installing
on the same box. This means, using your example, that your rule would be
localhost to external. You are going to have to interpret the instructions
to your situation.

 

Amy 

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Nathan
Sent: Friday, October 12, 2007 12:37 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Help with access rules (no preaching please)

 

Hi,

 

I have a need to install ISA 2006 SE on the same box as Trend Micro's IWSS.
We don't have enough hardware to install on 2 separate pieces of hardware.

 

I am having trouble setting this up with either the ISA being an upstream or
downstream server. I am not sure which way is best.

 

There are 2 KB articles on the Trend site saying how to install in either
situation.

 

ISA upstream
http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-126115&id=EN-126115

ISA downstream
http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-124425&id=EN-124425

 

We want ISA to do the authenticating.

 

This is the screen that you edit the IWSS properties

 



 

I just can't seem to get this to work. Are there any special Access Rules
that you need to set up to have IWSS pass traffic to ISA? To have ISA as
upstream all the doc above says is to open Internal to External, but this
doesn't seem to work.

 

I have tried to find sites with other products that do the same kind of
thing, but nothing seems to make this work.

 

We had this working with ISA 2000 but 2006 this is way different.

 

This is a fresh ISA install.

 

All help really appreciated.

 

Thanks

 

Nathan

Lara, Vic, Australia

