There are articles for most, if not all that you require on the isaserver.org website. Steve -----Original Message----- From: Tom Rogers [mailto:trogers@xxxxxxxxxxxxxxxxxx] Sent: Wednesday, June 30, 2004 4:23 PM To: Isa Weblist Subject: [isalist] Newbie Needs Help http://www.ISAserver.org First of all, is this list a place for newbies to get help or is it only for seasoned pro's? If newbies can obtain help via this list, then here's my scenario... I have a simple, single domain, single subnet W2K network. I have 6 servers total and various servers run DHCP, DNS, WINS, Exchange 2000, Proxy Server 2.0 SP-1, IIS-5, etc. I am trying to implement an ISA 2000 Server. This is a brand new box. It has two NICs, one internal and one connected to a Road Runner Cable Modem which assigned IPs via DHCP. I have both my NICs setup properly - following the tutorial on ISAserver.org I need to allow the following services to run through ISA: Internet User -> ISA Server -> FTP Server Internet User -> ISA Server -> WEB Server Internet User -> ISA Server -> OWA 2000 from Internal Exchange 2000 Server IIS-5 (Not using SSL, but requiring Windows Authentication Internet User VIA VPN -> ISA Server -> Internal Network share Access (and to use Terminal Server to access Servers) requires Windows Authentication Internet User VIA pcAnywhere -> ISA Server -> Access any host running pcAnywhere, including host on the ISA Server Exchange/POP3 software [an email gateway (connector) that retrieves messages from Internet POP3 email accounts (IMAP also supported) and delivers them to Exchange Server] software on ISA Server that goes out to our ISPs mail server, downloads all emails into our Exchange Server box -> ISA Server -> Internet (in order for this to work, all I need to do is to be able to successfully TELNET to our ISP mail server on port 110) DynIP needs to work (software that automatically tracks dynamic IP addresses assigned by our ISP, so we can act like we have a static IP) When I make a web connection into my internal web server, i get to use http://name.dynip.com/website instead of having to manually keep track of the ISP assigned IP number. Internal User running Outlook Express -> ISA Server -> SMTP/POP3 to Road Runner ISP on Internet Internal User running AOL Instant Messenger -> ISA Server -> Internet Internal User running Weatherbug - > ISA Server -> Internet Internal User running MS IE 6.0 SP-1 -> ISA Server -> Internet Internal User running MS Windows Media Player 9 -> ISA Server -> Internet Internal User running RealOne Player 10 -> ISA Server -> Internet Internal User running Listen Rhapsody 2.1 -> ISA Server -> Internet Ok, I know it's alot, but that is my task. When I installed ISA Server, I created and enabled a protocol rule so that only our internal INTERNET USERS could access the Internet using all protocols, at all times, the ALLOW ACCESS (Sites and Content) was already there. This worked fine. I could access the internet with my web proxy clients and firewall clients. I even setup the ISA server so that it could access the Internet - worked fine. I next tried to setup the Exchange/Pop3 software, by trying to Telnetting out, but it would not work. Sites and Content has the rule ALLOW ACCESS, and I already have a Protocol rule setup to allow all protocols, all the time. I could not Telnet. Then I setup a protocol rule for Telnet, and created an IP Packet Filter and opened port 23 both directions, on internal and remote. No luck. Then I tried to make ISA server wide-open (everything flows freely) and it worked. I have no idea how to correctly configure this with security. I have setup the DynIP software correctly - they had a tutorial on their website. I tried to publish my OWA web server, but I cannot access it from the outside world. I have not tried/tested the other things I need to get working. Currently EVERYTHING works on my Proxy 2.0 Server when connected to Road Runner cable modem. (I move the RR connection from my Proxy Server to the ISA server when testing.) I have looked all over ISAserver.org, read numerous books and web articles, but have yet to find out how to do all this. I really want to get rid of my Proxy Server 2.0 and OWA 5.5 server (which runs on the Proxy box). If anyone can help, please do so. I would GREATLY appreciate it. (ISA Server seems more trouble than it is worth right now.) TIA, -Tom ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: steve@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist This E-Mail is confidential. It is not intended to be read, copied, disclosed or used by any person other than the recipient named above. Unauthorised use, disclosure, or copying is strictly prohibited and may be unlawful. Optimum IT Solutions disclaims any liability for any action taken in connection of this E-Mail. The comments or statements expressed in this E-Mail are not necessarily those of Optimum IT Solutions or its subsidiaries or affiliates. administrator@xxxxxxxxxxxxxxxxxxxxxxxxxx