Hi Milan, Check out: http://isaserver.org/pages/search.asp?query=ISA+firewall+networks HTH, Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: "Milan Göllner" [mailto:milan.goellner@xxxxxxxxxxx] > Sent: Wednesday, October 12, 2005 6:31 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Need some insight on denied traffic > and web proxies > > http://www.ISAserver.org > > Well, I think I solved it, but this is leading me straight to > the next question. How does ISA associate networks to actual > network cards? Or rather, is there a way for me to force ISA > to accept traffic from a certain source on a certain nic? > > > Mit freundlichen Grüßen, > kind regards, > > Milan Göllner > Computer Services & Informationssysteme > CAE Elektronik GmbH > Military Simulation & Training > 52220 Stolberg, Germany > -- > Tel: +49 (2402) 106 691 > eMail: milan.goellner@xxxxxxxxxxx > > -----Original Message----- > From: Milan Göllner [mailto:milan.goellner@xxxxxxxxxxx] > Sent: Wednesday, October 12, 2005 1:22 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Need some insight on denied traffic > and web proxies > > http://www.ISAserver.org > > Just to add to my previous posting, I'm seeing this error: > FWX_E_FWE_SPOOFING_PACKET_DROPPED > > > Mit freundlichen Grüßen, > kind regards, > > Milan Göllner > Computer Services & Informationssysteme > CAE Elektronik GmbH > Military Simulation & Training > 52220 Stolberg, Germany > -- > Tel: +49 (2402) 106 691 > eMail: milan.goellner@xxxxxxxxxxx > > -----Original Message----- > From: Milan Göllner [mailto:milan.goellner@xxxxxxxxxxx] > Sent: Wednesday, October 12, 2005 12:09 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] Need some insight on denied traffic and web proxies > > http://www.ISAserver.org > > Greetings list, > > I have an issue in the following scenario, my insight into > ISA is still somewaht limited so right now I'm failing to > understand this. > > I have a default internal network, I have a default external > network, I have an added perimiter network > I have only one nic enabled right now, I'm still testing web > proxy features > I want to enable web proxies for internal and perimiter > networks which I think I did correctly, at least everything > is working when traffic originates from my internal network > > However: my scenario includes various remote webservers only > reachable via vpn tunnles. The remote web servers will only > accept traffic originating in our internal network. Whilst > playing around with this scenario I noticed the following: > I have set up an access rule allowing everything from > perimiter to ISA server, later on this will again be reduced > to whatever is actually needed. On a host in the perimiter I > entered the internal IP of ISA as the proxy, the perimiter > actually gets 'routed' across a PIX sitting in between as > well. I then try to access a remote web server, however, > access is denied. ISA's monitor denies access to port 8080. > The originating IP is taht of the actual host, target is ISA. > The access rule permits everything from perimiter to ISA. > > I created the perimiter network as a network enabling the > proxy on it as well as a network range containing the IPs of > the perimiter network. I tried combinations of various > objects in the access rule, finally opening up everything, > but still I get an access denied which I don't get. Where is > the error? (I'll gladly accept references to Tom's book or > some website, this has probably been discussed somewhere > before and I'm sorry if I'm bringing this up again) > > Thank you for your time > > Mit freundlichen Grüßen, > kind regards, > > Milan Göllner > Computer Services & Informationssysteme > CAE Elektronik GmbH > Military Simulation & Training > 52220 Stolberg, Germany > -- > Tel: +49 (2402) 106 691 > eMail: milan.goellner@xxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: milan.goellner@xxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: milan.goellner@xxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > >