Hi Dan, Did you miss the "it depends" part? If you configure the FWC statically, it will block. If you have it configured "automatically", it will self-disable. The same is true for IE - auto-detection is the on ly way you can reliably move between ISA- and non-ISA-served networks. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- ________________________________________ From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] Sent: Wednesday, March 02, 2005 11:28 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Server 2004 Standard Edition SP1 http://www.ISAserver.org Okay, found the message I was referring to... Quote: ----------------------------------------------------- -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Saturday, 29 January 2005 1:04 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Firewall client with vpn http://www.ISAserver.org The answer is: - it depends... Case 1 - the FWC is configured to "automatically detect": the FWC will seek out the ISA it last knew of and if that fails, it will try auto-detection (wpad). If that also fails, FWC will self-disable, but retry every so often. This leaves the WFC host acting as a SecureNET client. Case 2 - the FWC is configured to use a specific ISA: the FWC will attempt to contact that ISA and if this fails, will block non-local-subnet Winsock traffic completely. What this boils down to is if your cross-VPN name resolution sucks, so will the client experience. ----------------------------------------------------- End Quote... So, if it doesn't work like this in actual practice, how is it "supposed" to work? ________________________________________ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Wednesday, March 02, 2005 14:02 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Server 2004 Standard Edition SP1 http://www.ISAserver.org Hi Dan, I'm just telling you how it works in practice for me. It appears to shut itself off if it can't find the ISA firewall. HTH, Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.