In this instance I was the user and I went to that PC logged on. I went to 5 different websites, www.msn.com, www.yahoo.com, www.google.com, www.cnn.com, and www.microsoft.com. I then didn't a query to pull up all requests from that IP address in the webproxy log. Every request was too an IP address not a FQDN. I am in transition mode in my installation now and my default gateway does not point to my ISA server, (before you scream at me in the end it will be, currently testing a subset of users with proxy settings and firewall client software), so securenat request could not be routed to the ISA server. It's a little confusing to me why one machine would be acting this way. If you try to go to most of the URLs they do not even function with the IP instead of the FQDN because the side must look at host headers. Tim -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Thursday, October 06, 2005 9:34 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: strange log entries http://www.ISAserver.org Maybe the request was made to an address, or the client is acting in the role of SecureNAT client for that connection. Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: tim.altena@xxxxxxxxxxxxxx [mailto:tim.altena@xxxxxxxxxxxxxx] > Sent: Thursday, October 06, 2005 9:24 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] strange log entries > > http://www.ISAserver.org > > I have one PC that is logging only IP address information on the ISA > server. See below > > ClientIp ClientUsername DestHost URI > 174331110 ORANGE_FACT\tima 206.65.174.102 > http://206.65.174.102/us.yimg.com/a/1-/flash/promotions/yahoo/ > 051006/70i > lt.gif > > Every other PC is logging the FQDN for desthost and in the URL. Has > anyone seen this before? I checked and the user is going to the FQDN > not the IP address in the browser. Oh they are setup as > Firewall Client > and WebProxy client. > > Tim > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tim.altena@xxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx