RE: ISA 2004 SP2 and Direct Access

  • From: "Stefaan Pouseele" <stefaan.pouseele@xxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 10 Feb 2006 12:45:16 +0100

Hi Tom, 

Euh... It doesn't work in my case! Grrr....

Take the following case: 
1. we have to specify some IP ranges for direct access (VPN client access
passthrough). We can't use FQDN's or domain names for that.
2. we have to specify things such as '*.msn.com' and '*.hotmail.com' for
direct as well. 

In that case, the entries specified under 2. doesn't work anymore unless you
specify the IP ranges too. Needless to say that that is very often
impossible and certainly not manageable.

Does any body have a solution for this one?  

Stefaan

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: vrijdag 10 februari 2006 4:18
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 SP2 and Direct Access

http://www.ISAserver.org

Ha Ha!

It worked!

Time to write up an article on this and provide some virtual tissue to
handle the crying :)

Tom 


Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Thursday, February 09, 2006 9:06 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 SP2 and Direct Access

http://www.ISAserver.org

YIKES!!! That really suX0RS.

Now I need to take all the IP addresses out of my Direct Access List,
because I have no idea how stable the addresses of Internet servers are that
have their FQDNs included in the Direct Access list.

BEGGING: is there a way to turn off this feature?

Thanks!
Tom 


Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Thursday, February 09, 2006 1:40 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 SP2 and Direct Access

http://www.ISAserver.org

http://support.microsoft.com/kb/903746 


-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
Sent: Thursday, February 09, 2006 06:45
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 SP2 and Direct Access

http://www.ISAserver.org

Can you re-send the KB link?  Or was it private?

t

-----
"I don't want their respect, I want their obedience."
Dr. Thomas W. Shinder, M.D.



----- Original Message -----
From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, February 09, 2006 6:27 AM
Subject: [isalist] RE: ISA 2004 SP2 and Direct Access


> http://www.ISAserver.org
>
> I sent a link to the KB.
> There are no changes to autodetection; just how the script it provides 
> causes the browser to behave.
>
> Stefaan - lemme know your case #, will you?
>
> --------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
> --------------------------------------------
> -----Original Message-----
> From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]
> Sent: Thursday, February 09, 2006 12:38 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA 2004 SP2 and Direct Access
>
> http://www.ISAserver.org
>
> I feel strange answer from Jim already because he keeps saying the 
> script to populate IP adress into direct access list but that IP 
> address range is for protected network only, he has not answered 
> anything about this new SP2 Autodection merchanism...
>
>
>> Hi Tom,
>>
>> No comments from Jim? That's strange...
>>
>> Stefaan
>>
>> -----Original Message-----
>> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
>> Sent: woensdag 8 februari 2006 18:21
>> To: [ISAserver.org Discussion List]
>> Subject: [isalist] RE: ISA 2004 SP2 and Direct Access
>>
>> http://www.ISAserver.org
>>
>> Hi Stefaan,
>>
>> Ha! I thought I was going crazy when I kept saying that SP2 broke
> Direct
>> Access. I'm glad you're seeing the same thing. I thought perhaps it
> was
>> something whack with my test bed.
>>
>> Tom
>>
>>
>> Thomas W Shinder, M.D.
>> Site: www.isaserver.org
>> Blog: http://spaces.msn.com/members/drisa/
>> Book: http://tinyurl.com/3xqb7
>> MVP -- ISA Firewalls
>>
>>
>> -----Original Message-----
>> From: Stefaan Pouseele [mailto:Stefaan.Pouseele@xxxxxxx]
>> Sent: Wednesday, February 08, 2006 10:42 AM
>> To: [ISAserver.org Discussion List]
>> Subject: [isalist] ISA 2004 SP2 and Direct Access
>>
>> http://www.ISAserver.org
>>
>> Hey guys,
>>
>> There is a change in behavior if you configure sites for direct
access
> (ISA
>> Internal Network properties -> Web Browser). It doesn't work the same
> as in
>> SP1!
>>
>> This is the configuration: a workstation with the Firewall client
> installed
>> and IE configured with the routing script.
>>
>> 1. If you configure only the IP range for direct access:
>>    a) a request by FQDN in IE is sent as a Web Proxy client request.
>>    b) a request by IP in IE is sent as a Firewall client request.
>>
>> 2. If you configure only the domain for direct access:
>>    a) a request by FQDN in IE is sent as a Web Proxy client request.
>>    b) a request by IP in IE is sent as a Web Proxy client request.
>>
>> 3. If you configure both the domain *and* the corresponding IP range
> for
>> direct access:
>>    a) a request by FQDN in IE is sent as a Firewall client request.
>>    b) a request by IP in IE is sent as a Firewall client request.
>>
>>
>> So, the question is obviously why is for case 2.a the request not
sent
> as a
>> Firewall client request (this was the behavior in SP1)?
>> Is this a bug and is there a workaround other than adding the
> corresponding
>> IP range?
>>
>>
>> Thanks,
>> Stefaan
>>
>> ----------------------------------------------------------------
>>
>> Disclaimer
>>
>> De informatie in dit bericht is uitsluitend bedoeld voor de
> geadresseerde en
>> kan vertrouwelijke en/of bevoorrechte gegevens en/of door 
>> intellectuele-eigendomsrechten beschermde informatie bevatten.
>> Als u niet de geadresseerde bent, gelieve dit bericht te verwijderen
> en de
>> afzender te verwittigen. U mag dit bericht niet gebruiken, wijzigen, 
>> dupliceren of verspreiden, noch de inhoud ervan bekendmaken aan een
> derde.
>> De veiligheid of juistheid van e-mailberichten kan niet gegarandeerd
> worden,
>> vermits de informatie onderschept, verbasterd of vernietigd kan
> worden, zoek
>> kan raken, te laat of onvolledig kan aankomen of virussen kan
> bevatten.
>> Cevi NV aanvaardt geen enkele aansprakelijkheid voor verlies of
schade
> die
>> op enigerlei wijze te wijten is aan het gebruik van het medium.
>> Eventuele standpunten of meningen in dit bericht zijn die van de
> auteur en
>> geven niet noodzakelijk die van Cevi NV of zijn verbonden
> ondernemingen
>> weer.
>> Bijgevolg bindt dit e-mailbericht Cevi NV niet, tenzij het een 
>> uitdrukkelijke andersluidende verklaring van een gemachtigde 
>> vertegenwoordiger bevat.
>>
>> Cevi NV, Bisdomplein 3, 9000 Gent - tel. 09 264 07 01 - Rek. nr.
>> 091-0015991-15
>>                            RPR Gent - BTW BE 0860.972.295 -
> cevi@xxxxxxx
>>
>>
>>
>> ------------------------------------------------------
>> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
>> ------------------------------------------------------
>> Visit TechGenix.com for more information about our other sites:
>> http://www.techgenix.com
>> ------------------------------------------------------
>> You are currently subscribed to this ISAserver.org Discussion List
as:
>> tshinder@xxxxxxxxxxxxxxxxxx
>> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
>> Report abuse to listadmin@xxxxxxxxxxxxx
>>
>>
>>
>> ------------------------------------------------------
>> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
>> ------------------------------------------------------
>> Visit TechGenix.com for more information about our other sites:
>> http://www.techgenix.com
>> ------------------------------------------------------
>> You are currently subscribed to this ISAserver.org Discussion List
as:
>> stefaan.pouseele@xxxxxxxxx To unsubscribe visit 
>> http://www.webelists.com/cgi/lyris.pl?enter=isalist
>> Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> All mail to and from this domain is GFI-scanned.
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:

> thor@xxxxxxxxxxxxxxx
> To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> 


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
stefaan.pouseele@xxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 02-2006