Hi Sebastian, That is correct and how it works. Why are you using the SecureNAT client? That config is only for Macs and Linux and servers? SecureNAT makes the ISA firewall as as dumb as a pix! HTH, Tom ________________________________ From: Dijk, Sebastian van [mailto:sebastian.van.dijk@xxxxxxxxxx] Sent: Thursday, November 11, 2004 7:24 AM To: [ISAserver.org Discussion List] Subject: [isalist] dns resolving when using securenat http://www.ISAserver.org Hi Jim, Thanks for the response. However, Proxy is NOT enabled in Internet Explorer. So ISA is just used as securenat (clients are only configured with a default gateway = isaserver). www.test.nl <http://www.test.nl/> is just an example, it's not the domain we use in real. The problem is : When ISA is the default gateway for the client, it seems like the "c:\winnt\system32\drivers\etc\hosts" file is skipped in the dns resolving progress. Met vriendelijke groet, Sebastian van Dijk ________________________________ Van: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Verzonden: maandag 8 november 2004 15:45 Aan: [ISAserver.org Discussion List] Onderwerp: RE: [isalist] dns resolving when using securenat Actually, www.test.nl resolves to 212.204.218.191, but that's a small matter. ISA doesn't change your previous name resolution. What *can* happen (sounds like your issue) is if your browser is configured to use ISA as a web proxy, then name resolution happens at the ISA, not the client. For details of ISA client behavior, take a read in the ISA help and here: http://isaserver.org/tutorials/ISA_Clients__Part_1__General_ISA_Server_C onfiguration.html http://isaserver.org/tutorials/ISA_Clients__Part_2_SecureNAT_and_Web_Pro xy_Client.html http://isaserver.org/tutorials/ISA_Clients__Part_3_The_Firewall_Client.h tml ________________________________ From: Dijk, Sebastian van [mailto:sebastian.van.dijk@xxxxxxxxxx] Sent: Mon 11/8/2004 3:00 AM To: [ISAserver.org Discussion List] Subject: [isalist] dns resolving when using securenat http://www.ISAserver.org Hi ! We are now in a migration period. We had some nokia firewall but now we want to implement ISA 2000. We have installed all updates/service packs for isa 2000 and it runs on a Windows 2003 Standard server. However this gives a problem : We have configured our clients for securenat, and the dns is resolved by a windows 2000 server. In my opinion, when one uses a default gateway the first thing done when a name to ip is being resolved : - checking local hosts file - checking dns server Again : we are not using the firewall or proxy client, just a default gateway. Now comes the problem : In the old situation (where the nokia functioned as default gateway) one could change the local hosts file and that ip would be used when typing in the url. Now in the new situation, it seems like the local hosts file is not being used for name resolving. So when the internet dns of www.test.nl <http://www.test.nl/> points to 10.0.0.1 and we add an entry in our hosts file : 20.0.0.1 www.test.nl <http://www.test.nl/> . And we type in our internet explorer www.test.nl <http://www.test.nl/> ; the page from 10.0.0.1 is loaded. Is this by design ? And how does it work because it messes up my understanding of TCP/IP and DNS Thanks in advance Met vriendelijke groet, Sebastian van Dijk ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx