RE: quick question

From: "Adam Hearne" <adam.hearne@xxxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Date: Thu, 18 Dec 2003 21:10:33 -0000
Thanks for the reply Tom,

 

I have come across something interesting, I have two machines, one can
successfully ping anywhere, and the other can't.  Firewall clients and
SecureNAT clients is set up on both machines. 

 

I tried to ping the same place from each computer, one can, and one
can't.  They are both in the same subnet net (it is a 'simple' network
setup).  The only main difference I can think of is that one machine is
windows 2000 server, the other is XP professional, but that should not
make a difference because their network settings are similar and they
both should have to adhere to the same rules when it comes to ICMP,
shouldn't they???  (back me up on that one, or not)  

 

I have no client address sets specified.  I have only one protocol rule
which allows all ip traffic.  Protocol definitions are just all the
default ISA ones.

 

What the hell is going on?!?!?!

 

Any help on this would be great!!!!

 

Thanks very much guys, this discussion list is the best I have come
across,

 

Adam

 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: 18 December 2003 20:16
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: quick question

 

http://www.ISAserver.org

Hi Adam,

 

If the "All IP Traffic" protocol rule is enabled, then the SecureNAT
clients have access ONLY to the protocols defined in the Protocol
Definitions node in the left pane ISA console.

 

Also, the rule must not require user auth, because the SecureNAT client
isn't able to provide credentials.

 

HTH,

 

Thomas W Shinder

www.isaserver.org/shinder <http://www.isaserver.org/shinder>  

ISA Server 2004 Beta - Coming Soon
<http://www.microsoft.com/isaserver/beta/default.asp> 

ISA Server and Beyond: http://tinyurl.com/1jq1

Configuring ISA Server: http://tinyurl.com/1llp
<http://tinyurl.com/1llp> 

 

        -----Original Message-----
        From: Adam Hearne [mailto:adam.hearne@xxxxxxxxxxxxxxxxxxx] 
        Sent: Thursday, December 18, 2003 2:04 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] quick question

        http://www.ISAserver.org

        Hi guys,

         

        I finally got the SQL server's to connect through the ISA
server.  It ended up being I had to disable filtering of IP options.
Can anyone tell me what option filtering is?

         

        But onto my main question, I have just read the article
http://www.isaserver.org/tutorials/How_to_use_ISA_Server_Packet_Filters.
html and I had a question about the following statement within it...

         

        "...Something to keep in mind regarding Protocol Rules is that
if you enable a rule that allows "All IP Traffic, it will work
differently depending on what type of client is accessing that rule.
Firewall Client computers will have outbound access to all TCP/UDP
ports, but SecureNAT clients only have access to the protocols that are
specified in the Protocol Defintions that are configured in the ISA
Server."

         

        I underlined the last sentence because that is what I has
trouble understanding.  In regards to the SecureNat clients, is that
line saying that the mere act of specifying a protocol definition will
enable it?  I though you then had to use a protocol rule to specify who
it applied to.  I am confused.  

         

        Being a beginner on this subject, understanding the little
things often helps me understand the bigger things.  I hope someone can
please clear this up for me.

         

        Thanks again,

         

        Adam

        
************************************************************************
******************
        NOTICE - This message is the property of yourinsurancegroup
(brokers) limited.
        It may also be confidential and/or privileged. If you are not
the intended recipient 

        of this message you are hereby notified that you must not
disseminate, copy or take 

        any action with respect to it. If you have received this message
in error please notify 

        the systems team immediately via e-mail to:
postmaster@xxxxxxxxxxxxxxxxxxx <mailto:postmaster@xxxxxxxxxxxxxxxxxxx> 
        
************************************************************************
******************

        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Other Internet Software Marketing Sites:
        Leading Network Software Directory: http://www.serverfiles.com
        No.1 Exchange Server Resource Site: http://www.msexchange.org
        Windows Security Resource Site: http://www.windowsecurity.com/
        Network Security Library: http://www.secinf.net/
        Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
        To unsubscribe send a blank email to
leave-isalist-1689814Q@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
adam.hearne@xxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
leave-isalist-1689814Q@xxxxxxxxxxxxx
 
 
 
******************************************************************************************
 
NOTICE - This message is the property of yourinsurancegroup (brokers) limited. 
It may also be confidential and/or privileged.  If you are not the intended 
recipient 
 
of this message you are hereby notified that you must not disseminate, copy or 
take 
 
any action with respect to it.  If you have received this message in error 
please notify
 
the systems team immediately via e-mail to: postmaster@xxxxxxxxxxxxxxxxxxx 
******************************************************************************************
RE: quick question

Other related posts:
