http://www.ISAserver.org ------------------------------------------------------- Is that ignorance you are showing? That's funny... It looked like your ass to me ;)))))))) t On 3/30/06 5:52 PM, "Steve Moffat" <steve@xxxxxxxxxx> spoketh to all: > http://www.ISAserver.org > ------------------------------------------------------- > > Showing my ignorance again...:(..I always thought NAT supplied the > external IP to hide your internals...oh well, one learns something new > every day about tcp stuff..... > > S > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] > On Behalf Of Jim Harrison > Sent: Thursday, March 30, 2006 9:51 PM > To: ISA Mailing List > Subject: [isalist] Re: Interesting question... > > http://www.ISAserver.org > ------------------------------------------------------- > > Nope - it's not. > NAT doesn't break the TCP connection; proxy does. > > This is CERN proxy behavior; the upstream server is blissfully ignorant > of the "real" client IP. > It *may * have access to such niceties as user-agent, but those are not > guaranteed. > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] > On Behalf Of Steve Moffat > Sent: Thursday, March 30, 2006 17:31 > To: ISA Mailing List > Subject: [isalist] Re: Interesting question... > > You are correct, It's doing NAT. > > > > S > > > > ________________________________ > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] > On Behalf Of Ball, Dan > Sent: Thursday, March 30, 2006 8:26 PM > To: ISA Mailing List > Subject: [isalist] Interesting question... > > > > I was trying to assist someone with logging traffic, and this is the > explanation I got... > > > > ----------Quote---------- > > Our network consists of a single Internet filter on the outisde > > (Screendoor) with several ISA 2000 and 2004 servers behind it. The > client computer makes a request to a web site that will be blocked by > screen door, it passes out the ISA server to Screendoor, Screendoor > blocks it and the client ends up with a page could not be displayed > message. Of course Screendoor in that example doesn't know what private > ip address that request came from only the ISA server does, in my case > the ISA 2004 server is configured in firewall/cache mode. Because of > the problem we had been having with screendoor allowing the bad site to > load if the user refreshed enough times we told screendoor to redirect > the user to another site instead of just blocking them. The redirected > site will be on our local web server. What I was asking is if we could > embed a script of some sort on that local web site that would collect > their private ip address as well as the local nds/ad username and store > it in a log file. I'm trying to avoid requiring the users to login to > the Internet separately from logging into the network and because the > Internet filter is outside the firewall integrating it with nds/ad isn't > really an option either. We're ultimately moving to a Dansguardian > solution anyway and possibly several of them (inside each firewall and > one possibly outside the firwall where Screendoor currently sits) so it > will become a mute point eventually anyway. > > ----------End Quote---------- > > > > Am I correct to assume that all traffic coming out of the ISA server > would be stripped of all identifying information, and the server it was > redirected to would only show the IP of the screendoor/ISA server? > > > > > > > All mail to and from this domain is GFI-scanned. > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx