Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Web Publishing / RRAS wierdness

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Web Publishing >> Web Publishing / RRAS wierdness Page: [1]
Login
Message << Older Topic   Newer Topic >>
Web Publishing / RRAS wierdness - 11.Feb.2004 3:03:00 AM   
adidell

 

Posts: 7
Joined: 5.Aug.2003
Status: offline 		Hey,

I am having a couple strange issues with Beta 2 of ISA 2004. Of course, this is not surprising in a beta 2 release, but I am curious if anyone else has had this happen.

I am running a lab ISA on a:

500 Mhz Pentium III
Dual 100Mb NICs
384 Mb RAM
Windows 2003 Enterprise Ed.

The 2 issues I have had are:

1. If I make any change to the firewall rules, ISA seems to want to flip the RRAS setting regarding use of DHCP vs. a IP Range for RRAS VPN clients. To work around this, I setup DHCP on another box on that subnet to get around the issue. Also, it might be worth reminding admins in the docs that they need to:

a. Setup DHCP Relay Agent in RRAS and add the ôInternalö virtual interface in RRAS to that Routing Protocol.
b. Also, a firewall rule to allow the DHCP protocols needs to be setup from the LocalHost to the IP of the DHCP server. Otherwise, in RRAS and therefore to clients trying to VPN in they get an auto-assigned IP instead of one from the DHCP scope.

2. I had a web publishing rule setup for my web site, and it was working perfectly. The rule was just passing HTTP (ie. No SSL or SSL bridging). Now, no matter what I do, it shows a message from any network that ISA is blocking that URL, as if I had typed it incorrectly. I have it set now to no longer restrict based on the public name, so IÆm stumped. I have an OWA rule allowing access to OWA from the VPN clients network only, and that seems to work.

Any help on this would be appreciated!
Post #: 1
RE: Web Publishing / RRAS wierdness - 11.Feb.2004 3:08:00 PM   
tshinder

 

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: online 		Hi Adidell,

I find that the RRAS service is able to get the addresses from the internal DHCP server without requiring any special access policy. However, if you want the ISA firewall to be a DHCP server, you have to jump through some hoops [Smile]

Good point re: DHCP Relay Agent -- I do an article on that, probably as an update for the ISA 2004 VPN Deployment Kit. I haven't checked out support for DHCPINFORM, so you might be right about requiring an AR for this.

I'll have to check into the publishing wierdness. I haven't seen it yet, but I see what I can do to make it happen [Smile]

Thanks!
Tom

(in reply to adidell)
Post #: 2
RE: Web Publishing / RRAS wierdness - 17.Feb.2004 3:31:00 AM   
adidell

 

Posts: 7
Joined: 5.Aug.2003
Status: offline 		Thanks! It is only Beta 2 after all [Smile] . I just want to get my hands on Enterprise Edition!

Andrew Idell
MCSE+I, CISSP

(in reply to adidell)
Post #: 3
RE: Web Publishing / RRAS wierdness - 17.Feb.2004 12:29:00 PM   
tshinder

 

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: online 		Hi Andrew,

Me too!

Tom

(in reply to adidell)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Web Publishing >> Web Publishing / RRAS wierdness Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts