RE: ISA Browsing Question

• From: Glenn Maks <gmaks@xxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 6 Nov 2003 09:24:33 -0500

Great .. thank U Tom .. 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Wednesday, November 05, 2003 6:27 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Browsing Question


http://www.ISAserver.org

Hi Glenn,
 
You're in a situation that I've found myself in many times -- I've got
things working the way I want, but for all the wrong reasons :-)
 
What you want to do is create a split DNS, and allow ONLY external hosts to
query the DNS server hosting your external records, even if that server is
located on the internal network. Internal network clients, including the ISA
firewall, should use the internal DNS server that contains ONLY internal
addresses for your zones. 
 
Then you configure the Web Proxy clients to use the autoconfig script and
set up the Web Proxy clients to use Direct Access for LDT entries, and
bingo! It works and for all the right reasons :-)
 
Thanks!
Tom

  _____  

From: Glenn Maks [mailto:gmaks@xxxxxxxxx] 
Sent: Tuesday, November 04, 2003 7:48 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Browsing Question


http://www.ISAserver.org

Will Do - Thank U Tom, I played around with it late this afternoon and
discovered with some reading and tinkering that I could leave my Internet
Browser setting as is, adjust my default route to point to the private
interface on ISA, then in the IP settings on the client computer, set 2 DNS
servers, my primary being the Internal DNS server and the secondary being
the Published Public DNS server I have on my DMZ, the same DNS server ISA
gets it's answers from for external queries and any queries for any server
names that I advertise to the world. This seems to work just fine, I can
point my browser to both External and Internal sites and I get both. I also
read that even though Browser proxy setting are not used the proxy cache is
still used when the firewall service gets evolved. 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Tuesday, November 04, 2003 6:52 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Browsing Question


http://www.ISAserver.org

Hi Glenn,
 
For SecureNAT clients, you need to configure them to use a DNS server that
can resolve both internal and external names.
 
For Web Proxy clients, you need to configure them to use the autoconfig
script, then configure the LDT that contains the internal zones, and then
configure the Web Proxy client settings in the ISA Management console so
that Web Proxy clients use the LDT to determine Direct Access. Check out my
article on Direct Access over at www.isaserver.org/shinder
<http://www.isaserver.org/shinder> 
 
HTH,
Tom

  _____  

From: Glenn Maks [mailto:gmaks@xxxxxxxxx] 
Sent: Tuesday, November 04, 2003 12:29 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA Browsing Question


http://www.ISAserver.org


My default gateway is set to my ISA's private interface, and my Internet
Browser has the Proxy settings set to point to the same private interface of
ISA, I can browse the internet just fine but I am not able to resolve any
internal web sites I might have on the same subnet as the ISA's private
interface, but as soon as I turn off the Proxy settings

in my Internet Browser and still having my default gateway set to the inside
interface if ISA, I can browse both External and Private web sites? Yes, I
have the By Pass Proxy Settings enabled for private addresses. it is not
until I remove the proxy settings in the browser can I see both Internet and
Private sites?  I also noticed that the firewall service on ISA is managing
my Internet connection as apposed to the Proxy service, does this mean that
I am not taking advantage of the Proxy Cache?


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gmaks@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gmaks@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

Other related posts:

• » ISA Browsing Question
• » RE: ISA Browsing Question
• » RE: ISA Browsing Question
• » RE: ISA Browsing Question
• » RE: ISA Browsing Question
• » RE: ISA Browsing Question
• » RE: ISA Browsing Question
• » RE: ISA Browsing Question
• » RE: ISA Browsing Question

1. Home
2. isalist
3. Archive
4. 11-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---