Hi Tom, what kind of workarounds for the problem are you talking about? Can you share them? Thanks, Stefaan _____ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: woensdag 8 februari 2006 19:27 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 SP2 and Direct Access http://www.ISAserver.org Hi Tiago, Perhaps. If you depend on your Direct Access list (and who doesn't?). Its already caused me some lost hours of sleep, but I haven't characterized it as well as Stefaan has, since I've found workarounds for the problem. I don't want to do an article on it until the problem has been characterized better by MS. I *suspect* its a known problem internally, but they don't want to say anything until they have a fix or workaround. Tom Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://spaces.msn.com/members/drisa/ Book: <http://tinyurl.com/3xqb7> http://tinyurl.com/3xqb7 MVP -- ISA Firewalls _____ From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx] Sent: Wednesday, February 08, 2006 12:03 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 SP2 and Direct Access http://www.ISAserver.org I guess I'll hold the SP2 upgrade 'till this is settled =) Tiago de Aviz SoftSell - Curitiba (41) 3340-2363 www.softsell.com.br Esta mensagem, incluindo seus anexos, tem caráter confidencial e seu conteúdo é restrito ao destinatário da mensagem. Caso você tenha recebido esta mensagem por engano, queira por favor retorná-la ao destinatário e apagá-la de seus arquivos. Qualquer uso não autorizado, replicação ou disseminação desta mensagem ou parte dela é expressamente proibido. A SoftSell não é responsável pelo conteúdo ou a veracidade desta informação. >>> tshinder@xxxxxxxxxxx 8/2/2006 15:21 >>> http://www.ISAserver.org Hi Stefaan, Ha! I thought I was going crazy when I kept saying that SP2 broke Direct Access. I'm glad you're seeing the same thing. I thought perhaps it was something whack with my test bed. Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: Stefaan Pouseele [mailto:Stefaan.Pouseele@xxxxxxx] Sent: Wednesday, February 08, 2006 10:42 AM To: [ISAserver.org Discussion List] Subject: [isalist] ISA 2004 SP2 and Direct Access http://www.ISAserver.org Hey guys, There is a change in behavior if you configure sites for direct access (ISA Internal Network properties -> Web Browser). It doesn't work the same as in SP1! This is the configuration: a workstation with the Firewall client installed and IE configured with the routing script. 1. If you configure only the IP range for direct access: a) a request by FQDN in IE is sent as a Web Proxy client request. b) a request by IP in IE is sent as a Firewall client request. 2. If you configure only the domain for direct access: a) a request by FQDN in IE is sent as a Web Proxy client request. b) a request by IP in IE is sent as a Web Proxy client request. 3. If you configure both the domain *and* the corresponding IP range for direct access: a) a request by FQDN in IE is sent as a Firewall client request. b) a request by IP in IE is sent as a Firewall client request. So, the question is obviously why is for case 2.a the request not sent as a Firewall client request (this was the behavior in SP1)? Is this a bug and is there a workaround other than adding the corresponding IP range?