Great .. thank U Tom .. -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Wednesday, November 05, 2003 6:27 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Browsing Question http://www.ISAserver.org Hi Glenn, You're in a situation that I've found myself in many times -- I've got things working the way I want, but for all the wrong reasons :-) What you want to do is create a split DNS, and allow ONLY external hosts to query the DNS server hosting your external records, even if that server is located on the internal network. Internal network clients, including the ISA firewall, should use the internal DNS server that contains ONLY internal addresses for your zones. Then you configure the Web Proxy clients to use the autoconfig script and set up the Web Proxy clients to use Direct Access for LDT entries, and bingo! It works and for all the right reasons :-) Thanks! Tom _____ From: Glenn Maks [mailto:gmaks@xxxxxxxxx] Sent: Tuesday, November 04, 2003 7:48 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Browsing Question http://www.ISAserver.org Will Do - Thank U Tom, I played around with it late this afternoon and discovered with some reading and tinkering that I could leave my Internet Browser setting as is, adjust my default route to point to the private interface on ISA, then in the IP settings on the client computer, set 2 DNS servers, my primary being the Internal DNS server and the secondary being the Published Public DNS server I have on my DMZ, the same DNS server ISA gets it's answers from for external queries and any queries for any server names that I advertise to the world. This seems to work just fine, I can point my browser to both External and Internal sites and I get both. I also read that even though Browser proxy setting are not used the proxy cache is still used when the firewall service gets evolved. -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Tuesday, November 04, 2003 6:52 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Browsing Question http://www.ISAserver.org Hi Glenn, For SecureNAT clients, you need to configure them to use a DNS server that can resolve both internal and external names. For Web Proxy clients, you need to configure them to use the autoconfig script, then configure the LDT that contains the internal zones, and then configure the Web Proxy client settings in the ISA Management console so that Web Proxy clients use the LDT to determine Direct Access. Check out my article on Direct Access over at www.isaserver.org/shinder <http://www.isaserver.org/shinder> HTH, Tom _____ From: Glenn Maks [mailto:gmaks@xxxxxxxxx] Sent: Tuesday, November 04, 2003 12:29 PM To: [ISAserver.org Discussion List] Subject: [isalist] ISA Browsing Question http://www.ISAserver.org My default gateway is set to my ISA's private interface, and my Internet Browser has the Proxy settings set to point to the same private interface of ISA, I can browse the internet just fine but I am not able to resolve any internal web sites I might have on the same subnet as the ISA's private interface, but as soon as I turn off the Proxy settings in my Internet Browser and still having my default gateway set to the inside interface if ISA, I can browse both External and Private web sites? Yes, I have the By Pass Proxy Settings enabled for private addresses. it is not until I remove the proxy settings in the browser can I see both Internet and Private sites? I also noticed that the firewall service on ISA is managing my Internet connection as apposed to the Proxy service, does this mean that I am not taking advantage of the Proxy Cache? ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gmaks@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gmaks@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')