RE: Here's a good one

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 6 Feb 2003 21:38:59 -0600

Hi Greg,

You may be able to get this to work if you use the Firewall client. You
definitely cannot use the SecureNAT config. The reason for this is that
the SecureNAT client connections are not proxied, so instead of the ISA
Server sending the response, the server sends the response. Since the
SecureNAT client was expecting a response from the ISA Server, it drops
it. I explored this subject in detail in my blatherings in the ISA
Server and Beyond book.

Why must the internal clients use the public address? The Exchange 2000
IRC server doesn't require this, and I can't imagine its that
sophisticated.

Thanks!
Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp 


-----Original Message-----
From: Greg Foulks [mailto:greg.foulks@xxxxxxxx] 
Sent: Thursday, February 06, 2003 9:33 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Here's a good one


http://www.ISAserver.org


;-)

I've installed a new IM server in my internal network. This IM server in
order to work correctly for internal and external, users
must be able to resolve the host name to the same IP.

Let me see if I can explain this....

The server is running on an internal machine (10.0.0.30)

Our internal DNS server points im.nfti.com to 12.32.70.211

Our external DNS will point im.nfti.com to 12.32.70.211


How would I setup my filters to allow internal users to go out and back
in allowing the ports required for the IM connection?

----- Original Message -----
From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, February 06, 2003 10:23 PM
Subject: [isalist] RE: Here's a good one


http://www.ISAserver.org


Hi Greg,

OK, now that we got that settled, what was the problem? :-)

Tom

Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp


-----Original Message-----
From: Greg Foulks [mailto:greg.foulks@xxxxxxxx]
Sent: Thursday, February 06, 2003 9:20 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Here's a good one


http://www.ISAserver.org


Tom,
This is correct.

The ISA server also takes the request for 111.111.111.111 and forwards
to
the internal address 10.10.10.1

greg
----- Original Message -----
From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, February 06, 2003 10:06 PM
Subject: [isalist] RE: Here's a good one


http://www.ISAserver.org


Hi Greg,

Sounds like it. So, you internal users and ISA Server are using the
internal DNS server to resolve names and the external users are using
the ATT DNS server to resolve names.

So the external user resolves irc.domain.com to 111.111.111.111 and your
internal users resolve it to 10.10.10.1. Right?

Tom

Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp


-----Original Message-----
From: Greg Foulks [mailto:greg.foulks@xxxxxxxx]
Sent: Thursday, February 06, 2003 8:35 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Here's a good one


http://www.ISAserver.org


Tom,

AT&T handles DNS for my external resources (web,mx,ftp etc..)

I also run a DNS server on my internal network behind my ISA server for
internal resources.

Is this not split DNS?

Anything external to my network is forwarded to AT&T to resolve via the
forward I have set on the internal DNS.
External requests for internal resources are sent to the External
Interface
of the ISA server and sent through the published rule to it's internal
address.

Thanks

Greg


----- Original Message -----
From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, February 06, 2003 8:29 PM
Subject: [isalist] RE: Here's a good one


http://www.ISAserver.org


Hi Greg,

You do not want to loop back through the ISA Server. Configure a split
DNS and directly access the IRC box. I did this last week and there's no
reason to twist through the ISA Server to access internal resoruces.

HTH,
Tom

Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp


-----Original Message-----
From: Greg Foulks [mailto:greg.foulks@xxxxxxxx]
Sent: Thursday, February 06, 2003 5:10 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Here's a good one


http://www.ISAserver.org


Folks,
I sure could use some help with a little problem of mine which I can't
seem to figure out.

I've installed a new IM server in my internal network. This IM server in
order to work correctly for internal and external, users
must be able to resolve the host name to the same IP.

Let me see if I can explain this....

The server is running on an internal machine (10.0.0.30)

Our internal DNS server points im.nfti.com to 12.32.70.211

Our external DNS will point im.nfti.com to 12.32.70.211


How would I setup my filters to allow internal users to go out and back
in allowing the ports required for the IM connection?

For external users I figure I would just publish the server maybe? would
that be correct?

Thanks for your help!


Greg Foulks, MCP
NewFound Technologies, Inc.
http://www.nfti.com
Email: greg.foulks@xxxxxxxx
Voice: 614.318.5036
Fax: 614.318.5005


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
greg.foulks@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
greg.foulks@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
greg.foulks@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 02-2003