• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Custom access for different network

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> General >> Custom access for different network Page: [1]
Login
Message << Older Topic   Newer Topic >>
Custom access for different network - 1.Dec.2008 6:53:40 AM   
obsaeed

 

Posts: 5
Joined: 22.Nov.2005
Status: offline
Hi there,

I tried finding an answer to this question without much success, so forgive if it has already been answered.

Here is my question:
How can I restrict the access of a group of computers on my network. For example I want a set of computers say with IP Address 192.168.1.11 to 192.168.1.20 to be able to use POP3/SMTP only.

I tried it using the old approach of creating Client Address Sets i.e. creating different 'Network Sets' in ISA Server 2006 but any IP Address outside the 'Internal' network set just wont get access to any internet resource at all.

Please help!

Regards,

Sami

< Message edited by obsaeed -- 1.Dec.2008 6:55:34 AM >
Post #: 1
RE: Custom access for different network - 2.Dec.2008 2:09:07 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi Sami,

you can create a new computer set and create an access rule allowing only the POP3 and SMTP protocols for the new computer set to the destination mailīs server.

PS: Keep in mind ISA process the rules according to the ORDER column.

Regards,
Paulo Oliveira.

(in reply to obsaeed)
Post #: 2
RE: Custom access for different network - 3.Dec.2008 12:05:22 AM   
obsaeed

 

Posts: 5
Joined: 22.Nov.2005
Status: offline
Dear Paulo

Thanks for the reply; I appreciate it.

I have tried these steps but they did not work for me. Here is what I did:
1. In ISA Management Console expanded the tree to the following
Server Name>>Configuration>>Networks
2. In the 'Networks' under the 'Network Tasks' clicked the 'Create a New Network'
3. Provided following information in the resulting wizard
   a. Network Name: NG Staff
   b. Network Type: Internal Network
   c. Network Addresses: Range (192.168.1.11-192.168.1.20)
4. To create a new 'Access Rule' went to 'Server-Name'>>'Firewall Policy' and clicked 'Create Access Rule' under the Tasks section
5. Provided following information in the resulting wizard
   a. Access Rule Name: Email Only Access
   b. Rule Action: Allow
   c. Protocols: POP3 and SMTP
   d. Access Rule Sources: NG Staff
   e. Access Rule Destination: External
   f. User Sets: All Users
6. Rule order is '1'

Now if I have done everything right then it should work; but it does not so there must be something I'm doing wrong.

Any suggestions?

(in reply to paulo.oliveira)
Post #: 3
RE: Custom access for different network - 4.Dec.2008 1:21:54 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi Sami,

as I told you before, you should create computer sets and not Networks. Here is what you should do:

1. In ISA Management Console expanded the tree to the following
Server Name>>Firewall Policy
2. On the right side of ISA console, select Toolbox >> Network Objects
3. Click New Computer Set
4. Choose a Name and click on Add button
5. Choose Address Range and specify your address range (192.168.1.11-192.168.1.20)

Add this computer set to your allow access rule and it should work.

PS: On Internal Network, you must specify all your internal network range (e.g. 192.168.1.0-192.168.1.255)

Regards,
Paulo Oliveira.

(in reply to obsaeed)
Post #: 4
RE: Custom access for different network - 18.Dec.2008 11:23:29 PM   
obsaeed

 

Posts: 5
Joined: 22.Nov.2005
Status: offline
Dear Paulo

Thank you for clearing that up for me. I truly appreciate your help, you are a life saver.

Regards,

Sami

(in reply to paulo.oliveira)
Post #: 5
RE: Custom access for different network - 19.Dec.2008 7:22:21 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi Sami,

thanks!!


Regards,
Paulo Oliveira.

(in reply to obsaeed)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> General >> Custom access for different network Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts