...newcomer questions...

From: "Jim Scolman" <jim.scolman@xxxxxxxxxxxxx>
To: "ISA Server List" <isalist@xxxxxxxxxxxxx>
Date: Thu, 24 Oct 2002 08:48:21 -0700
Hello All, I am new to the list and new to ISA server.  I am an Admin with a
school district, and inherited an ISA server at one of my schools.  Here is
the layout;

                                Workstation group A, server A
                                switch stack A, network A

                                        IAS Proxy Server

                                switch stack B, network B
                                Workstation group B, server B

Network A is a "stand alone" LAN, working through switch stack A.
Network B is connected to the school district WAN via a fiber connection to
the school MDF, and T1 to the district data center.
One of the ISA server interfaces is connected to switch stack A, and the
other is connected to switch stack B.  Network A can connect to the Internet
and connect to server A, but to nothing else on the "other" side of the
proxy.  Network B can "see" all of the District WAN but none of LAN A.  I
was told the sole purpose of installing the proxy server was to enable the
teachers on LAN A to "cut off" Internet access to workstation group A.  I
have looked at the various Rules, etc on the proxy and there is a "No
Internet" rule.  All of the appropriate protocol filters and rules seem to
be configured and working.  TCP/IP protocols, ICMP, etc are allowed, but I
cannot ping from LAN A to the "outside".  Another issue is District eMail
for the teachers on LAN A, I have researched the subject and learned that MS
Outlook will not work "thru" the Proxy.  The main issue is this;  if I
connect the teacher workstations to LAN B, they have eMail and access to the
district WAN but NO ACCESS to LAN A.  The teacher on LAN B has access to
eMail, the district WAN AND TO LAN A!  I cannot find any configuration in
the IAS that is causing this situation.  Routing is not turned on in the IAS
proxy, I have experimented with is but it seems to require an IAS server on
each side of the route or tunnel.  Can the IAS work as a router between
these two LANs and still offer the Internet protection required of LAN A ?
I have done much research and reading on IAS and I not been able to answer
my questions.  I hope this is enough information for one of you to help.
Thanks for your patience and expertise.  Sincerely  Jim Scolman.

Jim Scolman
Technology Contractor
206-972-1431 
jim.scolman@xxxxxxxxxxxxx
"if you can keep your head when all those around you......"
...newcomer questions...

Other related posts:
