Newbie Needs Help

  • From: "Tom Rogers" <trogers@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 30 Jun 2004 15:23:00 -0400

First of all, is this list a place for newbies to get help or is it only for 
seasoned pros?

If newbies can obtain help via this list, then here's my scenario...

I have a simple, single domain, single subnet W2K network. I have 6 servers 
total and various servers run DHCP, DNS, WINS, Exchange 2000, Proxy Server 2.0 
SP-1, IIS-5, etc.

I am trying to implement an ISA 2000 Server. This is a brand new box. It has 
two NICs, one internal and one connected to a Road Runner Cable Modem which 
assigned IPs via DHCP. I have both my NICs set up properly - following the 
tutorial on ISAserver.org.

I need to allow the following services to run through ISA:

Internet User -> ISA Server -> FTP Server
Internet User -> ISA Server -> WEB Server
Internet User -> ISA Server -> OWA 2000 from Internal Exchange 2000 Server 
IIS-5 (Not using SSL, but requiring Windows Authentication)

Internet User VIA VPN -> ISA Server -> Internal Network share Access (and to 
use Terminal Server to access Servers) requires Windows Authentication

Internet User VIA pcAnywhere -> ISA Server -> Access any host running 
pcAnywhere, including host on the ISA Server

Exchange/POP3 software [an email gateway (connector) that retrieves messages 
from Internet POP3 email accounts (IMAP also supported) and delivers them to 
Exchange Server] software on ISA Server that goes out to our ISP's mail server, 
downloads all emails into our Exchange Server box -> ISA Server -> Internet (in 
order for this to work, all I need to do is to be able to successfully TELNET 
to our ISP mail server on port 110)

DynIP needs to work (software that automatically tracks dynamic IP addresses 
assigned by our ISP, so we can act like we have a static IP). When I make a web 
connection into my internal web server, I get to use 
http://name.dynip.com/website instead of having to manually keep track of the 
ISP assigned IP number.

Internal User running Outlook Express -> ISA Server -> SMTP/POP3 to Road Runner 
ISP on Internet
Internal User running AOL Instant Messenger -> ISA Server -> Internet
Internal User running Weatherbug -> ISA Server -> Internet
Internal User running MS IE 6.0 SP-1 -> ISA Server -> Internet
Internal User running MS Windows Media Player 9 -> ISA Server -> Internet
Internal User running RealOne Player 10 -> ISA Server -> Internet
Internal User running Listen Rhapsody 2.1 -> ISA Server -> Internet

Ok, I know it's a lot, but that is my task. When I installed ISA Server, I 
created and enabled a protocol rule so that only our internal INTERNET USERS 
could access the Internet using all protocols, at all times, the ALLOW ACCESS 
(Sites and Content) was already there. This worked fine. I could access the 
internet with my web proxy clients and firewall clients. I even set up the ISA 
server so that it could access the Internet - worked fine.

I next tried to set up the Exchange/Pop3 software, by trying to Telnet out, 
but it would not work. Sites and Content has the rule ALLOW ACCESS, and I 
already have a Protocol rule set up to allow all protocols, all the time. I 
could not Telnet. Then I set up a protocol rule for Telnet, and created an IP 
Packet Filter and opened port 23 both directions, on internal and remote. No 
luck. Then I tried to make ISA server wide-open (everything flows freely) and 
it worked. I have no idea how to correctly configure this with security.

I have set up the DynIP software correctly - they had a tutorial on their 
website. I tried to publish my OWA web server, but I cannot access it from the 
outside world. I have not tried/tested the other things I need to get working.

Currently EVERYTHING works on my Proxy 2.0 Server when connected to Road Runner 
cable modem. (I move the RR connection from my Proxy Server to the ISA server 
when testing.)

I have looked all over ISAserver.org, read numerous books and web articles, but 
have yet to find out how to do all this. I really want to get rid of my Proxy 
Server 2.0 and OWA 5.5 server (which runs on the Proxy box).

If anyone can help, please do so. I would GREATLY appreciate it. (ISA Server 
seems more trouble than it is worth right now.)

TIA,

-Tom