Hi Koie, Make sure the remote network is on the LAT, or the firewall client will forward the connection to the firewall. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Koie Smith [mailto:ksmith@xxxxxxxxxxxxxx] Sent: Thursday, August 28, 2003 12:42 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: SecureNAT restrictions? http://www.ISAserver.org Well i setup in the firewall client the common configuration and also added RPD 3389, reinstalled the firewall client on my machine just incase and tried to Remote Desktop into one of the networks i've vpn'ed into and still no luck. Koie -----Original Message----- From: Koie Smith Sent: Thursday, August 28, 2003 11:47 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: SecureNAT restrictions? http://www.ISAserver.org Ok, my ISA was already configured that way except for the the checkmark in do not use recursion, i enabled that and created the TCP packet filter for DNS, still my connection to the sql server will not work. When the firewall client is enabled, is it by default supplying a proxy in the background to the applications? Would enabling a proxy in my program work you think for secureNAT? It currently doesnt support using proxy but i could recode it to have that support. Koie Smith Nex-Tek, Inc. Technical Support Team -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Thursday, August 28, 2003 11:27 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: SecureNAT restrictions? http://www.ISAserver.org Hi Koie, Here's another fishing pole :-) http://www.isaserver.org/articles/snatdns.html HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Koie Smith [mailto:ksmith@xxxxxxxxxxxxxx] Sent: Thursday, August 28, 2003 11:09 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: SecureNAT restrictions? http://www.ISAserver.org After reading the article, it still doesn't make sense to me that if i'm running as SecureNAT, I can't connect to my sql server across the internet. I think if i was running the firewall client and configured it to allow VPN/RemoteDesktop/Etc then it would probably work. Did i misread something? Koie Smith Nex-Tek, Inc. Technical Support Team -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Thursday, August 28, 2003 10:49 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: SecureNAT restrictions? http://www.ISAserver.org Hi Koie, Here's a fishing pole :-) http://www.isaserver.org/tutorials/ISA_Clients__Part_3_The_Firewall_Clie nt.html HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Koie Smith [mailto:ksmith@xxxxxxxxxxxxxx] Sent: Thursday, August 28, 2003 10:36 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: SecureNAT restrictions? http://www.ISAserver.org Then why the difference in being able to connect to different resources when enabled vs disabled? Koie -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Thursday, August 28, 2003 10:36 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: SecureNAT restrictions? http://www.ISAserver.org Hi Koie, Not true. Protocol Rule apply to Web Proxy, Firewall and SecureNAT clients. They are applied to all LAT to non-LAT communications. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Koie Smith [mailto:ksmith@xxxxxxxxxxxxxx] Sent: Thursday, August 28, 2003 10:24 AM To: [ISAserver.org Discussion List] Subject: [isalist] SecureNAT restrictions? http://www.ISAserver.org I've come to the conclusion that the protocol rules in ISA only work if the machine is running the firewall client, and probably many of you knew that already if it is true. My testing revealed if i create a destination set for my internal network. Then make a protocol rule to allow all ports and have the firewall client enabled, then i can connect out over the internet to a sql server i'm needing to contact. If i disable the firewall client then I cannot connect to it anymore. Here lies my problem, I do alot of VPN'ing to client networks, and upon doing so, I am not able to pcAnywhere or Remote Desktop into any of their machines including the server i just VPN'ed into. Any ideas? How can i unlock everything from the inside for an internal client without having to install the firewall client? Thanks, Koie Smith Nex-Tek, Inc. Technical Support Team ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: ksmith@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: ksmith@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: ksmith@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: ksmith@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')