RE: Newbie Needs Help
- From: "Steve Moffat" <steve@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- To: "Isa Weblist" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 30 Jun 2004 20:32:29 +0100
There are articles for most, if not all that you require on the
isaserver.org website.
Steve
-----Original Message-----
From: Tom Rogers [mailto:trogers@xxxxxxxxxxxxxxxxxx]
Sent: Wednesday, June 30, 2004 4:23 PM
To: Isa Weblist
Subject: [isalist] Newbie Needs Help
http://www.ISAserver.org
First of all, is this list a place for newbies to get help or is it only
for seasoned pro's?
If newbies can obtain help via this list, then here's my scenario...
I have a simple, single domain, single subnet W2K network. I have 6
servers total and various servers run DHCP, DNS, WINS, Exchange 2000,
Proxy Server 2.0 SP-1, IIS-5, etc.
I am trying to implement an ISA 2000 Server. This is a brand new box. It
has two NICs, one internal and one connected to a Road Runner Cable
Modem which assigned IPs via DHCP. I have both my NICs setup properly -
following the tutorial on ISAserver.org
I need to allow the following services to run through ISA:
Internet User -> ISA Server -> FTP Server Internet User -> ISA Server ->
WEB Server Internet User -> ISA Server -> OWA 2000 from Internal
Exchange 2000 Server IIS-5 (Not using SSL, but requiring Windows
Authentication
Internet User VIA VPN -> ISA Server -> Internal Network share Access
(and to use Terminal Server to access Servers) requires Windows
Authentication
Internet User VIA pcAnywhere -> ISA Server -> Access any host running
pcAnywhere, including host on the ISA Server
Exchange/POP3 software [an email gateway (connector) that retrieves
messages from Internet POP3 email accounts (IMAP also supported) and
delivers them to Exchange Server] software on ISA Server that goes out
to our ISPs mail server, downloads all emails into our Exchange Server
box -> ISA Server -> Internet (in order for this to work, all I need to
do is to be able to successfully TELNET to our ISP mail server on port
110)
DynIP needs to work (software that automatically tracks dynamic IP
addresses assigned by our ISP, so we can act like we have a static IP)
When I make a web connection into my internal web server, i get to use
http://name.dynip.com/website instead of having to manually keep track
of the ISP assigned IP number.
Internal User running Outlook Express -> ISA Server -> SMTP/POP3 to Road
Runner ISP on Internet Internal User running AOL Instant Messenger ->
ISA Server -> Internet Internal User running Weatherbug - > ISA Server
-> Internet Internal User running MS IE 6.0 SP-1 -> ISA Server ->
Internet Internal User running MS Windows Media Player 9 -> ISA Server
-> Internet Internal User running RealOne Player 10 -> ISA Server ->
Internet Internal User running Listen Rhapsody 2.1 -> ISA Server ->
Internet
Ok, I know it's alot, but that is my task. When I installed ISA Server,
I created and enabled a protocol rule so that only our internal INTERNET
USERS could access the Internet using all protocols, at all times, the
ALLOW ACCESS (Sites and Content) was already there. This worked fine. I
could access the internet with my web proxy clients and firewall
clients. I even setup the ISA server so that it could access the
Internet - worked fine.
I next tried to setup the Exchange/Pop3 software, by trying to
Telnetting out, but it would not work. Sites and Content has the rule
ALLOW ACCESS, and I already have a Protocol rule setup to allow all
protocols, all the time. I could not Telnet. Then I setup a protocol
rule for Telnet, and created an IP Packet Filter and opened port 23 both
directions, on internal and remote. No luck. Then I tried to make ISA
server wide-open (everything flows freely) and it worked. I have no idea
how to correctly configure this with security.
I have setup the DynIP software correctly - they had a tutorial on their
website. I tried to publish my OWA web server, but I cannot access it
from the outside world. I have not tried/tested the other things I need
to get working.
Currently EVERYTHING works on my Proxy 2.0 Server when connected to Road
Runner cable modem. (I move the RR connection from my Proxy Server to
the ISA server when testing.)
I have looked all over ISAserver.org, read numerous books and web
articles, but have yet to find out how to do all this. I really want to
get rid of my Proxy Server 2.0 and OWA 5.5 server (which runs on the
Proxy box).
If anyone can help, please do so. I would GREATLY appreciate it. (ISA
Server seems more trouble than it is worth right now.)
TIA,
-Tom
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
steve@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
This E-Mail is confidential. It is not intended to be read, copied, disclosed
or used by any person other than the recipient named above.
Unauthorised use, disclosure, or copying is strictly prohibited and may be
unlawful. Optimum IT Solutions disclaims any liability for any action taken in
connection of this E-Mail. The comments or statements expressed in this E-Mail
are not necessarily those of Optimum IT Solutions or its subsidiaries or
affiliates.
administrator@xxxxxxxxxxxxxxxxxxxxxxxxxx
Other related posts:
