OK, so if an internal box is using ISA server as a gateway, then it's a SecureNAT Client? This is how my extranet servers are published currently -- so now I can have isa preserve the IP of the external request and my logs will reflect this on my webserver? Thanks for all the help. -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Sunday, August 08, 2004 1:57 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Web publishing and ISA 2004 http://www.ISAserver.org Lemme see if I can help: By definition, SecureNAT clients are able to use ISA as a router (rules allowing). This isn't an ISA requirement, it's basic TCP/IP routing. In order to preserve the C-IP, the published server MUST be able to respond to off-subnet connections. This means that the published server needs a default route that will send its responses back to the originator. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Sun, 8 Aug 2004 13:31:54 -0400 "Bryan D. Andrews" <bandrews@xxxxxxxxxxxxxxxxxx> wrote: http://www.ISAserver.org Hi, Are you saying that they HAVE to be SecureNAT clients to preserve the IP? Or will they still be "Published Websites"? Or... When you select "preserve the source ip", does that mean it's a secureNAT client? Maybe I am not clear what is a secureNAT client and what is not with respect to publishing servers and websites... We would like to keep them as published websites rather than published servers, we would just like for ISA to pass thru the ip so we can report with webtrends or other log analysis apps more accurately. Thanks for the reply... -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Friday, July 23, 2004 8:50 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Web publishing and ISA 2004 http://www.ISAserver.org Hi Bryan, I don't know if I would call it "proper" since many organizations don't want to make their published server SecureNAT clients. But, the ISA 2004 firewall does allow you the option to preserve the source IP address in Web Publishing rules. HTH, Tom www.isaserver.org/shinder Get the book! Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: Bryan D. Andrews [mailto:bandrews@xxxxxxxxxxxxxxxxxx] Sent: Friday, July 23, 2004 7:30 AM To: [ISAserver.org Discussion List] Subject: [isalist] Web publishing and ISA 2004 http://www.ISAserver.org Does ISA pass the client ip properly now to web servers that are published -- as opposed to every request looking like it came from ISAServer? Thanks! ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bandrews@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bandrews@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist