Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

SNat Clients

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> SecureNAT Client >> SNat Clients Page: [1]
Login
Message << Older Topic   Newer Topic >>
SNat Clients - 14.Nov.2001 8:40:00 PM   
hyghpocalypse

 

Posts: 2
Joined: 14.Nov.2001
From: New York
Status: offline 		Associates

Here a tough one for me to figure out and I'm asking for help here. I have a client that cannot use the firewall client software provided by ISA so I have configure it to be a snat client.

Looking at my logs, you will see that I do have a rule for my (snat) clients to gain access (rule #2)and yes, this is a h323 call (protocol 1720) but the strangest thing is that it keeps denying the call from snat clients sc-status 13301) but allows the call from authenticated users (using netmeeting), I cannot figure out why. Help resolve

Post #: 1
RE: SNat Clients - 15.Nov.2001 5:58:00 PM   
bmc

 

Posts: 2
Joined: 15.Nov.2001
Status: offline 		I'm having a similar problem. I have two Tandberg Teleconferencing units that are NAT-capable and Gatekeeper-capable as clients. One is directly connected to the Internet. The other is behind ISA. The systems use the H.323 protocol. I have a test configuration permitting full, open access (as documented in the Learning Zone on this site). The unit behind ISA is configured as a NAT client (default getway set to internal NIC of ISA). The unit behind ISA does go thru ISA, but the response is denied. The log shows the source IP (the unit directly connect to the Internet and located physically out-of-state) but the destination IP is the address of the teleconferencing unit behind ISA, NOT the external NIC of ISA, which I thought should happen with network address translation (unless I'm wrong). Specfically, the source port is 1720 and destination port is 5555, with multiple blocks w/ flags ACK, SYN ACK, and RST ACK. What do those mean? What am I doing wrong?

[This message has been edited by bmc (edited 15 November 2001).]


(in reply to hyghpocalypse)
Post #: 2
RE: SNat Clients - 16.Nov.2001 5:13:00 AM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hey Guys,

Check out the articles on the H.323 and the Gatekeeper. I discuss some of the limitations of using H.323 without using the gatekeeper. Generally, H.323 is useless behind the ISA Server unless you use the Gatekeeper, then it works great!

HTH,
Tom

------------------
http://www.isaserver.org/shinder/


Get It Here!


(in reply to hyghpocalypse)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> SecureNAT Client >> SNat Clients Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts