Then why the difference in being able to connect to different resources when enabled vs disabled? Koie -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Thursday, August 28, 2003 10:36 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: SecureNAT restrictions? http://www.ISAserver.org Hi Koie, Not true. Protocol Rule apply to Web Proxy, Firewall and SecureNAT clients. They are applied to all LAT to non-LAT communications. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Koie Smith [mailto:ksmith@xxxxxxxxxxxxxx] Sent: Thursday, August 28, 2003 10:24 AM To: [ISAserver.org Discussion List] Subject: [isalist] SecureNAT restrictions? http://www.ISAserver.org I've come to the conclusion that the protocol rules in ISA only work if the machine is running the firewall client, and probably many of you knew that already if it is true. My testing revealed if i create a destination set for my internal network. Then make a protocol rule to allow all ports and have the firewall client enabled, then i can connect out over the internet to a sql server i'm needing to contact. If i disable the firewall client then I cannot connect to it anymore. Here lies my problem, I do alot of VPN'ing to client networks, and upon doing so, I am not able to pcAnywhere or Remote Desktop into any of their machines including the server i just VPN'ed into. Any ideas? How can i unlock everything from the inside for an internal client without having to install the firewall client? Thanks, Koie Smith Nex-Tek, Inc. Technical Support Team ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: ksmith@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')