Re: Isa + RRAS with public IP

  • From: Barberis Tommy <b.barberis@xxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 21 Oct 2001 21:33:53 +0200

At 11.00 21/10/01 -0700, Jim Harrison wrote:

Sorry...but not work.
I have :
- Insert IP public modem subnet in the LAT
- Enable in the property of Packet filter : Enable Packet Filter for enable Ip Routing
- Insert Protocol Rule that permit access to any from/to IP modem
- No SecureNat configure
- Is present Packet filter for any protocol/both/anyremote in this moment for external IP interfaces of server

If firewall service is down work fine
If firewall service is UP traffic is only possible between Modem and server on the external interface . No traffic is routing from externa interface and Internet or viceversa .

http://www.ISAserver.org


In line...

Jim Harrison
MCP(NT4/2K), A+, Network+, PCG

----- Original Message -----
From: "Barberis Tommy" <b.barberis@xxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Sunday, October 21, 2001 4:34 AM
Subject: [isalist] Isa + RRAS with public IP


http://www.ISAserver.org


Hi !

I have this situation :

- Win 2000 SP2 and 2 NIC (one internal and one external)
- RRAS configured that release PUBLIC IP for user access to Internet
(subnet from-to) with modem .No packet filter enable or particol
configuration

After install ISA integrated mode the modem not work . Any packet blocked
and is only possible ping the server from client .
If Firewall service is down modem work fine .

Is necessary insert subnet in the LAT ?
* Yes, or you could assign modem users a private IP from the LAT
Is necessary enable packet filter ?
* Not if the modem IP is in the LAT; then you use protocol rules
Is necessary enable IP routing ?
* You should always enable IP Routing in the properties of IP Packet
Filtering
Is necessary SecureNat for subnet ?
* SecureNAT is the simplest client configuration, but web client and
firewall client offer user authentication and easier access from clients.

Please send me the exacly configuration is possible for public the PUBLIC
IP and route ALL packet from/to modem :-(

Sorry for my bad english...
Best Regards,


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Barberis Bartolomeo (Tommy) - OSRA Paghe S.p.a.
  Strada Druento, 290 - 10078 Venaria Reale (Torino) IT
  Tel:+39-11-4243611 Fax:+39-11-4243814
  http://www.osra.it - Email: b.barberis@xxxxxxx
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: b.barberis@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Barberis Bartolomeo (Tommy) - OSRA Paghe S.p.a.
 Strada Druento, 290 - 10078 Venaria Reale (Torino) IT
 Tel:+39-11-4243611 Fax:+39-11-4243814
 http://www.osra.it - Email: b.barberis@xxxxxxx
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 10-2001