Welcome to ISAserver.org
OMG I Buggered it up - sort of...
OMG I Buggered it up - sort of... - 11.Mar.2008 12:27:30 AM
KellyR
Posts: 8
Joined: 13.Nov.2007
Status: offline
Hi everyone. I have ISA 2006 installed with a multi-homed template and 2 access rules:

1. Allow All, all networks, all users.
2. Default deny rule.

This was allowing all users access to the internet and works great. I had a requirement to display names instead of "anonymous". So I did the following. Created a new User group called "LDAP" and set its parameters up to use the AD server to query a domain local group (ISA server is in a different physical location - same domain). Then I modified the access list:

1. Allow All outbound protocols, all networks, all networks, LDAP group
2. Allow All outbound protocols, all networks, all networks, all users.
3. Default deny rule.

Then I hit "Apply". Then all this funky stuff started happening. Now when I select options in the MMC snap-in (connecting remotely), there is a long delay before my results are returned. If I try to Apply or Discard changes, I get loooong delays and then a box that, when I click explain, tells me that the RPC server is unavailable. I am also no longer able to RDP to the remote server. However, the proxy is working fine and I can telnet on port 8080. Internet still works fine.

I seem to have degraded my admin functions and lost all remote control. I cannot reconnect to the box to remove the new 1. rule. Is anyone aware of what I did wrong?
RE: OMG I Buggered it up - sort of... - 11.Mar.2008 4:16:18 PM
pwindell
Posts: 782
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
1. Remove everything that you did and put it back exactly the way it was.
2. Create a User Set.
3. Add AD Users/Groups to the User Set.
4. Add the User Set to the Users Tab of the first rule that you already had.
5. Remove "All Users" from the Rule.
6. Remove "All Networks" from the TO Tab in the Rule and put External in its place.
7. It's a good idea to install the Firewall Client on the workstations.
_____________________________
Phillip Windell www.wandtv.com