Welcome to ISAserver.org


Securenat connection issue

Securenat connection issue - 13.Feb.2007 8:52:38 PM   
danieltan07

 

Posts: 51
Joined: 5.Feb.2007
From: Malaysia
Status: offline
I've been using SNAT for some time, but then suddenly it won't work anymore. I just put the ISA internal NIC as gateway. In the monitor tab, there are SecureNAT sessions going on. I can still ping IPs from the DOS prompt. In my access policy these are my rules:

1. Publish DNS server, allow from anywhere to DNS server IP
2. Deny MSN, allow HTTP/HTTPS from internal to external, authenticated users
3. Remote login, allow FTP/PPTP server from external to local host, all users
4. POP/SMTP, allow SMTP/POP3 server from internal to external, all users
5. Normal access, allow NetBIOS from local network to local network, all users



Post #: 1
RE: Securenat connection issue - 14.Feb.2007 2:24:39 AM   
elmajdal

 

Posts: 5071
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Hi, check this article: http://www.elmajdal.net/ISAServer/Internal_DNS_Forwarding.aspx

BTW, you need to review your rules!!! We will discuss them later.


HTH,
Tarek

_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to danieltan07)
Post #: 2
RE: Securenat connection issue - 14.Feb.2007 2:40:58 AM   
danieltan07

 

Hi, which rules are causing the problem?

(in reply to elmajdal)
Post #: 3
RE: Securenat connection issue - 14.Feb.2007 2:46:43 AM   
elmajdal

 

None for this issue.

But they will cause your ISA to be hacked later.

Like what is this:
quote:

3. Remote login, allow FTP/PPTP server from external to local host, all users


You need RDP, then either publish it or enable VPN and then establish an RDP session!!!




(in reply to danieltan07)
Post #: 4
RE: Securenat connection issue - 14.Feb.2007 2:52:45 AM   
danieltan07

 

Sorry, forgot to ask: don't SecureNAT and firewall client use the same DNS name mechanism? My firewall client has no problem.

(in reply to elmajdal)
Post #: 5
RE: Securenat connection issue - 14.Feb.2007 2:59:20 AM   
elmajdal

 

 
Have you checked and followed this: http://www.elmajdal.net/ISAServer/Internal_DNS_Forwarding.aspx ?????


(in reply to danieltan07)
Post #: 6
RE: Securenat connection issue - 14.Feb.2007 4:12:14 AM   
danieltan07

 

Hi, I've configured that access policy but SNAT still won't connect. I put that rule on top.

(in reply to elmajdal)
Post #: 7
RE: Securenat connection issue - 14.Feb.2007 4:16:22 AM   
elmajdal

 

How many NICs does your ISA have??

What's the IP, DGW, DNS on ISA?

What's the IP, DGW, DNS on a SecureNAT client?




(in reply to danieltan07)
Post #: 8
RE: Securenat connection issue - 14.Feb.2007 4:53:55 AM   
danieltan07

 

2 NICs on ISA server. Internal NIC 192.168.0.2, external NIC 192.168.1.2 and gateway set to router IP. What is DGW? Internal DNS on ISA server. Acts as forwarder. Client using static IP and set ISA internal IP as gateway and DNS set to my internal DNS server. Can 1 NIC on ISA use SNAT? I used 1 NIC previously to use SNAT.

(in reply to elmajdal)
Post #: 9
RE: Securenat connection issue - 14.Feb.2007 5:01:48 AM   
elmajdal

 

DGW = Default Gateway

quote:

Can 1 NIC on ISA use SNAT? I used 1 NIC previously to use SNAT.


Check the 5th point especially:

quote:

Configuring ISA Server with a Single Network Adapter Configuration

Problem: There are a number of issues associated with the configuration of ISA Server on a computer with a single network adapter.
Cause: The causes include:

Multi-network firewall policy. In single network adapter mode, ISA Server recognizes itself (the Local Host network). Everything else is recognized as the Internal network. There is no concept of an External network. The Microsoft Firewall service and application filters operate only in the context of the Local Host network. (ISA Server protects itself no matter what network template is applied.) Because the Firewall service and application filters operate in the context of the Local Host network, you can use access rules to allow non-Web protocols to the ISA Server computer. This has implications for running applications located on the ISA Server computer.

Application layer inspection. Application level filtering does not function, except for Web Proxy Filter for Hypertext Transfer Protocol (HTTP), Secure HTTP (HTTPS), and File Transfer Protocol (FTP) over HTTP.

Server publishing. Server publishing is not supported. Because there is no separation of Internal and External networks, ISA Server cannot provide the NAT functionality required in a server publishing scenario.

Firewall clients. The Firewall Client application handles requests from Winsock applications that use the Firewall service. This service is not available in a single network adapter environment.

SecureNAT clients. SecureNAT clients use ISA Server as a router to the Internet, and SecureNAT client requests are handled by the Firewall service. Because the Firewall service is not available in a single network adapter configuration, such requests are not supported.


Virtual private networking. Site-to-site virtual private networks (VPNs), and remote access VPNs are not supported in a single network adapter scenario.




source: http://www.microsoft.com/technet/isa/2004/plan/unsupportedconfigs.mspx

HTH,
Tarek




(in reply to danieltan07)
Post #: 10
RE: Securenat connection issue - 14.Feb.2007 9:23:11 AM   
danieltan07

 

Maybe I was using the web proxy setting previously. Now I remember NAT has to have 2 NICs or 2 interfaces. Thanks for the link.

(in reply to elmajdal)
Post #: 11
RE: Securenat connection issue - 14.Feb.2007 9:35:49 AM   
elmajdal

 

Glad it helped.


Thanks,
Tarek


(in reply to danieltan07)
Post #: 12
