RE: RES: RE: RES: RE: RES: Network Sniffer

  • From: "Mark Hopkins" <mark@xxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 4 Nov 2002 12:49:57 -0600

I am not having ANY difficulty with ANY connectivity ANYWHERE on my network(s). 
All communication is absolutely perfect. My question is simply: why is the ISA 
Server's external NIC "spoofing" the source address of every packet? Is this 
normal?

-----Original Message-----
From: Alex Decarli [mailto:alex@xxxxxxxxxxxxx]
Sent: Monday, November 04, 2002 12:21 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RES: RE: RES: RE: RES: Network Sniffer


http://www.ISAserver.org


ISA Server needs to know which servers are members of the DMZ; otherwise, all 
packets to these servers will be discarded.
I had this problem in the past; for 2 months I asked the ISA list how to create 
a DMZ environment, but nobody answered my question.
I called Microsoft Support and found that my problem was that the route on my 
router was wrong.

I think that may be it in your situation. My question: can you access any 
server in the DMZ environment? If yes, what are the rules that you configured 
for the machine where the sniffer is attached?
 
 


[Decarli] 
-----Original Message-----
From: Mark Hopkins [mailto:mark@xxxxxxxxxxxxx]
Sent: Monday, November 4, 2002 16:07
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: RES: RE: RES: Network Sniffer




Alex,
 
I consider the DMZ to be all systems between the Cisco router and the ISA 
Server. That is the segment where the sniffer is attached. The ISA rebuild was 
from scratch, NON-AD Integrated (Standalone), complete build, with SP1 of 
course. The W2K Server it is riding on was also completely rebuilt and patched 
completely.
 
Thanks.
 
Mark

-----Original Message-----
From: Alex Decarli [mailto:alex@xxxxxxxxxxxxx]
Sent: Monday, November 04, 2002 12:01 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RES: RE: RES: Network Sniffer



INTERNET <====> CISCO ROUTER <====> ISA SERVER <====> INTERNAL NETWORK
                                                                          ||
                                                                          ||
                                                                       DMZ      
                                                                    
 
 
Am I right? Is your DMZ working? Tell me more about this "rebuild".
 
Alex D.
 
 

-----Original Message-----
From: Mark Hopkins [mailto:mark@xxxxxxxxxxxxx]
Sent: Monday, November 4, 2002 15:56
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: RES: Network Sniffer



INTERNET <====> CISCO ROUTER <====> ISA SERVER <====> INTERNAL NETWORK

-----Original Message-----
From: Alex Decarli [mailto:alex@xxxxxxxxxxxxx]
Sent: Monday, November 04, 2002 11:48 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RES: Network Sniffer



Who is the gateway of the DMZ?

-----Original Message-----
From: Mark Hopkins [mailto:mark@xxxxxxxxxxxxx]
Sent: Monday, November 4, 2002 15:47
To: [ISAserver.org Discussion List]
Subject: [isalist] Network Sniffer



Hello,

I have placed a network sniffer on my DMZ enabling the collection of all packets 
entering and leaving my enterprise. I also use ISA Server to connect my DMZ to 
my internal network. All packets coming from my internal network have a source 
address of the external NIC on the ISA Server. There must be a way of 
correcting this because before the rebuild of the ISA Server, the packet source 
addresses were the actual source, and not the ISA Server. So I must have 
changed some property within the ISA Server, but I cannot recall which one. Can 
anyone help me with this? Thanks.

Mark

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
alex@xxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 
