RE: SecureNAT restrictions?
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 28 Aug 2003 12:50:20 -0500
Hi Koie,
Make sure the remote network is on the LAT, or the firewall client will
forward the connection to the firewall.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Koie Smith [mailto:ksmith@xxxxxxxxxxxxxx]
Sent: Thursday, August 28, 2003 12:42 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SecureNAT restrictions?
http://www.ISAserver.org
Well i setup in the firewall client the common configuration and also
added RPD 3389, reinstalled the firewall client on my machine just
incase and tried to Remote Desktop into one of the networks i've vpn'ed
into and still no luck.
Koie
-----Original Message-----
From: Koie Smith
Sent: Thursday, August 28, 2003 11:47 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SecureNAT restrictions?
http://www.ISAserver.org
Ok, my ISA was already configured that way except for the the checkmark
in do not use recursion, i enabled that and created the TCP packet
filter for DNS, still my connection to the sql server will not work.
When the firewall client is enabled, is it by default supplying a proxy
in the background to the applications? Would enabling a proxy in my
program work you think for secureNAT? It currently doesnt support using
proxy but i could recode it to have that support.
Koie Smith
Nex-Tek, Inc.
Technical Support Team
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, August 28, 2003 11:27 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SecureNAT restrictions?
http://www.ISAserver.org
Hi Koie,
Here's another fishing pole :-)
http://www.isaserver.org/articles/snatdns.html
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Koie Smith [mailto:ksmith@xxxxxxxxxxxxxx]
Sent: Thursday, August 28, 2003 11:09 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SecureNAT restrictions?
http://www.ISAserver.org
After reading the article, it still doesn't make sense to me that if i'm
running as SecureNAT, I can't connect to my sql server across the
internet. I think if i was running the firewall client and configured it
to allow VPN/RemoteDesktop/Etc then it would probably work. Did i
misread something?
Koie Smith
Nex-Tek, Inc.
Technical Support Team
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, August 28, 2003 10:49 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SecureNAT restrictions?
http://www.ISAserver.org
Hi Koie,
Here's a fishing pole :-)
http://www.isaserver.org/tutorials/ISA_Clients__Part_3_The_Firewall_Clie
nt.html
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Koie Smith [mailto:ksmith@xxxxxxxxxxxxxx]
Sent: Thursday, August 28, 2003 10:36 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SecureNAT restrictions?
http://www.ISAserver.org
Then why the difference in being able to connect to different resources
when enabled vs disabled?
Koie
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, August 28, 2003 10:36 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SecureNAT restrictions?
http://www.ISAserver.org
Hi Koie,
Not true. Protocol Rule apply to Web Proxy, Firewall and SecureNAT
clients. They are applied to all LAT to non-LAT communications.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Koie Smith [mailto:ksmith@xxxxxxxxxxxxxx]
Sent: Thursday, August 28, 2003 10:24 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] SecureNAT restrictions?
http://www.ISAserver.org
I've come to the conclusion that the protocol rules in ISA only work if
the machine is running the firewall client, and probably many of you
knew that already if it is true. My testing revealed if i create a
destination set for my internal network. Then make a protocol rule to
allow all ports and have the firewall client enabled, then i can connect
out over the internet to a sql server i'm needing to contact. If i
disable the firewall client then I cannot connect to it anymore. Here
lies my problem, I do alot of VPN'ing to client networks, and upon doing
so, I am not able to pcAnywhere or Remote Desktop into any of their
machines including the server i just VPN'ed into. Any ideas? How can i
unlock everything from the inside for an internal client without having
to install the firewall client?
Thanks,
Koie Smith
Nex-Tek, Inc.
Technical Support Team
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
ksmith@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
ksmith@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
ksmith@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
ksmith@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
