Secure Nat blocking Websites doesnt work
Secure Nat blocking Websites doesnt work - 21.Jan.2007 5:46:00 AM
supreme
Posts: 14
Joined: 20.Jan.2007
Status: offline
Hi, SecureNAT works perfectly now, but it doesn't allow me to block websites. If I block websites, it works only if I enter the web proxy (sites are blocked). If I enter just the gateway, using SecureNAT, it doesn't work; the user can visit blocked sites without problems. How can I solve this?
RE: Secure Nat blocking Websites doesnt work - 21.Jan.2007 6:54:57 AM
elmajdal
Posts: 5071
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Hi supreme, would you mind reminding me of your rules?
_____________________________
Tarek Majdalani MS Forefront Edge Security MVP Website : http://www.elmajdal.net/ISAServer New Section : http://www.elmajdal.net/Win2k8
RE: Secure Nat blocking Websites doesnt work - 21.Jan.2007 7:55:37 AM
supreme
Posts: 14
Joined: 20.Jan.2007
Status: offline
Actually, my rules look like this:

1) Blocked Website=DENY=ALL Outbound Traffic=AllClients (local IP range)=URL SET (where the domains are entered like *.google.de or google.de for testing) (doesn't work)
2) DNS to Provider ALLOW=DNS=localDNSServer=External=all
3) VPN=allow=pptp Server=EXTERNAL=isaserver=all (VPN incoming; doesn't work, get failure 800 at remote client) (doesn't work)
4) Mail=allow=POP3etc=Internal=External=all (works)
5) HTTP=allow=http,https=Internal=external=all (works)
6) FTP=allow=ftp=internal=external=all (works, but not all the time...)
7) PPTP Send=allow=PPTP=Internal=External (VPN from inside the net to outside; doesn't work, but it's very important for me!)
8) PPTP Recieve=allow=PPTPServer=external=Localhost=all (doesn't work; also VERY important that we can access the net via VPN from outside)
Last: Default Rule

The target is: get into the net via VPN, connect to another VPN from inside, and get FTP working.

Thanks in advance, dude!
RE: Secure Nat blocking Websites doesnt work - 21.Jan.2007 7:56:27 AM
supreme
Posts: 14
Joined: 20.Jan.2007
Status: offline
And for sure the sites I enter in the URL SET should be blocked...
RE: Secure Nat blocking Websites doesnt work - 21.Jan.2007 10:28:45 AM
elmajdal
Posts: 5071
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
OK, let's first start with VPN inbound. In rules 3 & 8, you need to allow external users to establish a VPN connection to your ISA, right? Then you don't need to create a rule for this, but you need to enable VPN. Read this article: Enabling the ISA Server 2004 VPN Server
RE: Secure Nat blocking Websites doesnt work - 21.Jan.2007 12:08:46 PM
supreme
Posts: 14
Joined: 20.Jan.2007
Status: offline
When I go through this how-to from Shinder, it definitely doesn't work. I do exactly all the steps as stated there and sadly it does not work. What I absolutely do not understand is the part where I create this rule, called "Create an Access Rule Allowing VPN Clients Access to the Internal Network", which looks like:

VPN Client to Internal = Allow = ALL Outbound PROTOCOLS = VPN Clients = External

For me it's clear that this looks like an OUTGOING rule, but where did I set the INCOMING rule? This rule looks like I am granting inside clients VPN access to the outside?!.... Can anybody help me get the VPN working?
RE: Secure Nat blocking Websites doesnt work - 21.Jan.2007 2:50:55 PM
elmajdal
Posts: 5071
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:
Create an Access Rule Allowing VPN Clients Access to the Internal Network, which looks like: VPN Client to Internal = Allow = ALL Outbound PROTOCOLS = VPN Clients = External

Please, when you read, concentrate; the rule is provided with a pic!! So how come you read that the rule was from VPN Clients to External? As you see in the pic, the rule is from VPN Clients to Internal. This rule is to give your VPN clients access to internal resources.

quote:
For me it's clear that this looks like an OUTGOING rule, but where did I set the INCOMING rule? This rule looks like I am granting inside clients VPN access to the outside?!....

Wrong, I repeat: this rule is to give your VPN clients access to your internal resources. The incoming rule is set when you enable the option in the pic below; it's a system policy. Have you ever taken a look at the System Policies? There is a policy # 12; this will be enabled when you click this button:

To know more about the system policies, read this: http://www.isaserver.org/tutorials/Editing-ISA-2004-system-policy-Part1.html & http://www.isaserver.org/tutorials/Editing-ISA-2004-system-policy-Part2.html
< Message edited by elmajdal -- 21.Jan.2007 3:12:31 PM >
RE: Secure Nat blocking Websites doesnt work - 21.Jan.2007 5:23:56 PM
supreme
Posts: 14
Joined: 20.Jan.2007
Status: offline
I've done that, like in Shinder's how-to, and there I also have to select what you said. But it still doesn't work. Does it maybe have something to do with where the rule is set? Which number the rule has, maybe?!?!
RE: Secure Nat blocking Websites doesnt work - 21.Jan.2007 5:26:11 PM
supreme
Posts: 14
Joined: 20.Jan.2007
Status: offline
Maybe we can solve the "website doesn't block" problem?
RE: Secure Nat blocking Websites doesnt work - 23.Jan.2007 4:42:48 AM
supreme
Posts: 14
Joined: 20.Jan.2007
Status: offline
Thanks for giving me the chance to send you the picture, but I solved the problem: I installed ISA 2006 ENG on a Windows 2003 R2 German version. It seems that there are problems which can't be solved when you install the English ISA 2006 version on a German Windows 2003 R2 version. I formatted the machine, used the VLK, installed Windows 2003 again from scratch, installed ISA 2006 English, did all the stuff I'd done before and... it works :) Thanks for your help, dude!
RE: Secure Nat blocking Websites doesnt work - 23.Jan.2007 5:28:00 PM
elmajdal
Posts: 5071
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:
I installed ISA 2006 ENG on a Windows 2003 R2 German version. It seems that there are problems which can't be solved when you install the English ISA 2006 version on a German Windows 2003 R2 version.

WOW, interesting!!! Glad that you figured it out.

Regards,
Tarek
RE: Secure Nat blocking Websites doesnt work - 24.Jan.2007 5:08:47 AM
supreme
Posts: 14
Joined: 20.Jan.2007
Status: offline
I tested it again, with the same result. When you install an English version of ISA 2006 on a German Windows 2003 R2 and import the config from an English/English version, it does not work (also if you do all the rules manually again). You get the strangest errors: SecureNAT doesn't work 100%, HTTP doesn't work but mail does, and after you have installed the ISA server you get RPC problems and authentication/Kerberos errors with your Domain Controller..... very, very strange... English/English... two clicks with Shinder's how-to (thx) and it works...