• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

IE LAN Settings

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> IE LAN Settings Page: [1]
Login
Message << Older Topic   Newer Topic >>
IE LAN Settings - 5.Jan.2006 7:44:40 PM   
kdiekemper

 

Posts: 54
Joined: 26.Sep.2005
Status: offline
My internal users are using ISA Firewall Client to access the internet through a ISA Server 2000.
When IE LAN Settings has  "Automatically detect settings" enabled they access the internet throught the ISA Server 2000 Firewall. When "Use a proxy server for you LAN" is enabled along with the ISA Server 2000 UNC name and port 9876 settings there is access to the internet without ISA Firewall restriction.

Is there a document that explains the use of the IE LAN settings when used with ISA Firewall Client?
What causes the Proxy setting the bypass the ISA Server Firewall?

Thanks,
Ken
Post #: 1
RE: IE LAN Settings - 6.Jan.2006 3:51:54 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Ken,

if the ISA server is your only exit point to the Internet then all traffic should be filtered by the ISA server, regardless how the client is configured. So, can you give us some more exact info about your configuration? A good starting point could be:
- ipconfig /all on ISA
- route print on ISA
- content of the LAT on ISA
- ipconfig /all on an internal workstation

HTH,
Stefaan

(in reply to kdiekemper)
Post #: 2
RE: IE LAN Settings - 9.Jan.2006 2:52:35 PM   
kdiekemper

 

Posts: 54
Joined: 26.Sep.2005
Status: offline
Hello Stefaan

Thanks for the replay to my question.
My ISA server is the only exit point to the Internet.
The ISA server is on a multi segment network with users from all different segments.
I am using the ISA Firewall client on all user work stations because of that.
Below is the information you requested.

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\>ipconfig /all

Windows 2000 IP Configuration

       Host Name . . . . . . . . . . . . : proxy1
       Primary DNS Suffix  . . . . . . . : Proxy1
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : Proxy1

Ethernet adapter External Adapter:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom Gigabit Ethernet Controller

       Physical Address. . . . . . . . . : 00-06-5B-39-0E-61
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 10.255.3.1
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.255.3.2
       DNS Servers . . . . . . . . . . . : 206.166.83.20
                                           206.166.61.21
                                           206.166.57.20
       NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Internal Adapter:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel 8255x-based PCI Ethernet Adapt
er (10/100)
       Physical Address. . . . . . . . . : 00-06-5B-39-0E-60
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 10.0.1.1
       Subnet Mask . . . . . . . . . . . : 255.255.0.0
       Default Gateway . . . . . . . . . :
       DNS Servers . . . . . . . . . . . : 10.3.1.8
                                           10.3.1.9
       NetBIOS over Tcpip. . . . . . . . : Disabled

C:\>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x1000003 ...00 06 5b 39 0e 60 ...... Intel 8255x-based Integrated Fast Ethernet

0x1000004 ...00 06 5b 39 0e 61 ...... Gigabit Ethernet Driver
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
         0.0.0.0          0.0.0.0       10.255.3.2      10.255.3.1       1
        10.0.0.0      255.255.0.0         10.0.1.1        10.0.1.1       1
        10.0.1.1  255.255.255.255        127.0.0.1       127.0.0.1       1
        10.1.0.0      255.255.0.0       10.0.1.254        10.0.1.1       1
        10.2.0.0      255.255.0.0       10.0.1.254        10.0.1.1       1
        10.3.0.0      255.255.0.0       10.0.1.254        10.0.1.1       1
        10.4.0.0      255.255.0.0       10.0.1.254        10.0.1.1       1
        10.5.0.0      255.255.0.0       10.0.1.254        10.0.1.1       1
        10.6.0.0      255.255.0.0       10.0.1.254        10.0.1.1       1
        10.7.0.0      255.255.0.0       10.0.1.254        10.0.1.1       1
        10.8.0.0      255.255.0.0       10.0.1.254        10.0.1.1       1
        10.9.0.0      255.255.0.0       10.0.1.254        10.0.1.1       1
       10.10.0.0      255.255.0.0       10.0.1.254        10.0.1.1       1
       10.11.0.0      255.255.0.0       10.0.1.254        10.0.1.1       1
       10.14.0.0      255.255.0.0       10.0.1.254        10.0.1.1       1
       10.17.0.0      255.255.0.0       10.0.1.254        10.0.1.1       1
       10.20.0.0      255.255.0.0       10.0.1.254        10.0.1.1       1
       10.21.0.0      255.255.0.0       10.0.1.254        10.0.1.1       1
       10.23.0.0      255.255.0.0       10.0.1.254        10.0.1.1       1
       10.24.0.0      255.255.0.0       10.0.1.254        10.0.1.1       1
      10.255.3.0    255.255.255.0       10.255.3.1      10.255.3.1       1
      10.255.3.1  255.255.255.255        127.0.0.1       127.0.0.1       1
  10.255.255.255  255.255.255.255         10.0.1.1        10.0.1.1       1
  10.255.255.255  255.255.255.255       10.255.3.1      10.255.3.1       1
       127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
       224.0.0.0        224.0.0.0         10.0.1.1        10.0.1.1       1
       224.0.0.0        224.0.0.0       10.255.3.1      10.255.3.1       1
255.255.255.255  255.255.255.255         10.0.1.1        10.0.1.1       1
Default Gateway:        10.255.3.2
===========================================================================
Persistent Routes:
Network Address          Netmask  Gateway Address  Metric
        10.1.0.0      255.255.0.0       10.0.1.254       1
        10.2.0.0      255.255.0.0       10.0.1.254       1
        10.3.0.0      255.255.0.0       10.0.1.254       1
        10.4.0.0      255.255.0.0       10.0.1.254       1
        10.5.0.0      255.255.0.0       10.0.1.254       1
        10.6.0.0      255.255.0.0       10.0.1.254       1
        10.7.0.0      255.255.0.0       10.0.1.254       1
        10.8.0.0      255.255.0.0       10.0.1.254       1
        10.9.0.0      255.255.0.0       10.0.1.254       1
       10.10.0.0      255.255.0.0       10.0.1.254       1
       10.14.0.0      255.255.0.0       10.0.1.254       1
       10.20.0.0      255.255.0.0       10.0.1.254       1
       10.17.0.0      255.255.0.0       10.0.1.254       1
       10.11.0.0      255.255.0.0       10.0.1.254       1
       10.21.0.0      255.255.0.0       10.0.1.254       1
       10.23.0.0      255.255.0.0       10.0.1.254       1
       10.24.0.0      255.255.0.0       10.0.1.254       1

LAT has the following settings
10.0.0.0              10.254.255.255
150.150.10.218    150.150.10.218
192.168.0.0         192.168.1.255

(in reply to spouseele)
Post #: 3
RE: IE LAN Settings - 10.Jan.2006 9:20:52 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Ken,

here are some questions/remarks on your config:

1. Is your OS and ISA fully patched?

2. I would remove the DNS server settings on he ISA External adapter. Of course, make sure you have configured forwarders on your internal DNS servers. That should optimize your DNS resolving.

3. According to the ISA's routing table the LAT should only contain the entry '10.0.0.0 - 10.24.255.255'. So, what are the other entries doing there?

4. To what does the ISA Server 2000 UNC name resolves?


HTH,
Stefaan

(in reply to kdiekemper)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> IE LAN Settings Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts