Discussion about Chapter 2 in the book

Discussion about Chapter 2 in the book - 16.Dec.2004 5:25:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
This thread is about discussing chapter 2 in the book, which is now online at http://isaserver.org/articles/Configuring-ISA-Server-2004-Chapter2.html

Thanks!
Tom
Post #: 1
RE: Discussion about Chapter 2 in the book - 17.Dec.2004 12:12:00 PM   
avanheel

 

Posts: 8
Joined: 24.Nov.2004
From: Netherlands
Status: offline
Dear Tom and Debi Shinder.

I have had the book for almost a week now and must say, it's a great book with a lot of information, background and samples which are easily adapted to real-life situations.

It's even greater than I thought, because it explains a little about scripting a blacklist URL.
I have currently built a script that imports over a million listed URLs, which can be downloaded from blacklists.com one time for free; after that you have to pay for an annual fee.

There is only one drawback to having a million listed URLs and domains: backing up (XML) the ISA server takes several hours.

The beauty is the performance isn't slower than with no rules applied; traffic is still fast bypassing the ISA server. (This is just what the book says, but hey, I have to find out by myself.)

Well Tom and Debi,
I'll only say one more thing: keep on going with this great work.

(in reply to tshinder)
Post #: 2
RE: Discussion about Chapter 2 in the book - 17.Dec.2004 4:14:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Avanheel,

Thanks for the kind words about the book! [Big Grin]

Tom

(in reply to tshinder)
Post #: 3
RE: Discussion about Chapter 2 in the book - 20.Dec.2004 2:34:00 PM   
larrypearl

 

Posts: 4
Joined: 16.Nov.2004
Status: offline
Thanks for the great article. It has been really useful to me.

"Now all users can access Hotmail via an easily-configured firewall rule without any need for special configuration on either the client or the firewall."

A question - what is needed to get this going? How is it set up?

(in reply to tshinder)
Post #: 4
RE: Discussion about Chapter 2 in the book - 20.Dec.2004 3:04:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Larry,

[Big Grin]

It's in the chapter on configuring access rules and firewall policy

Treat yourself to a Christmas present and get the book! What other site do you get the author to give interactive help on his book? (OK, Debi wrote half the book, but I'll support her stuff too)

Thanks!
Tom

(in reply to tshinder)
Post #: 5
RE: Discussion about Chapter 2 in the book - 26.Dec.2004 8:59:00 PM   
petri.ala-annala@fiasco.f

 

Posts: 28
Joined: 26.Nov.2004
From: Helsinki
Status: offline
Sneak preview was great, one thing I still wonder: Missing in Action: Gone But Not Forgotten said that active caching was left out from ISA Server 2004, still, I can find cache > properties > active caching tab and old settings for that feature. So, active caching or not with ISA 2004? [Wink]

(in reply to tshinder)
Post #: 6
RE: Discussion about Chapter 2 in the book - 27.Dec.2004 12:27:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Petri,

The interface is still there, but it doesn't do anything [Razz]

HTH,
Tom

(in reply to tshinder)
Post #: 7
RE: Discussion about Chapter 2 in the book - 27.Dec.2004 12:34:00 PM   
Guest
Hi, I have configured the ISA 2004 firewall for site-to-site VPN for my head office network and I need ISA to be the domain controller for the branch network.
From the branch network I can access the main office network, but not from ISA; from the main office I can access the branch network, but not ISA.
ISA IPs:
84.240.192.23. - (external) local tunnel end point
172... - ISP
192.168.0.0 - internal
62.231.2.2.. - remote tunnel end point
192.168.10.0 - remote network
All allow policy rules were added.
If I add route 192.168.10.0 mask 255.255.255.0 84.240.192.23, the networks become unavailable.
pt@front.ru

(in reply to tshinder)
  Post #: 8
RE: Discussion about Chapter 2 in the book - 27.Dec.2004 6:21:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Loki,

At this time, the ISA firewall isn't supported on a DC. I may try to come up with a hack for this in the future, but at this time, it's not supported.

HTH,
Tom

(in reply to tshinder)
Post #: 9
RE: Discussion about Chapter 2 in the book - 28.Dec.2004 6:02:00 AM   
Guest
Hi tshinder,

How can I add the server with ISA installed to my domain?
There are two network interfaces on the ISA Server computer:
192.168.0.1 - internal
84.240.192.233 - external and local VPN tunnel endpoint

When I enter ping 192.168.10.248 (PDC in the main office) it gives me the following message:
Pinging 192.168.10.248 with 32 bytes of data:

Reply from 80.255.57.105: Destination host unreachable.
Reply from 80.255.57.105: Destination host unreachable.

From other computers in the branch network, ping is working fine.

So I think that ISA Server does not use the VPN channel and is trying to connect to the remote host through the internet connection.

How can I fix it?

Thanks.

(in reply to tshinder)
  Post #: 10
RE: Discussion about Chapter 2 in the book - 31.Dec.2004 5:50:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Loki,

Do you have a site to site VPN connecting the local and remote networks? If so, there is no problem connecting the sites and pinging the remote site from the local site and the local site from the remote site.

HTH,
Tom

(in reply to tshinder)
Post #: 11
RE: Discussion about Chapter 2 in the book - 5.Jan.2005 6:18:00 AM   
Guest
Hi Tom,

Yes, I have the site to site VPN connecting the local and remote networks. The problem is I cannot connect from the Local Host (ISA Server computer) to the remote site through the VPN, though I can connect to the remote site from any other workstation in my local network (all these computers are connecting through the ISA Server computer).
____________________________________________
This is the trace and ping for the remote network from the ISA Server computer:
Tracing route to [192.168.10.248]
over a maximum of 30 hops:

1 61 ms 72 ms 137 ms 84.240.192.14
2 692 ms 761 ms 636 ms 80.255.57.105
3 * * 80.255.57.105 reports: Destination host unreachable.

Trace complete.

ping 192.168.10.248

Request timed out.
Reply from 80.255.57.105: Destination host unreachable.
Reply from 80.255.57.105: Destination host unreachable.
Request timed out.
______________________________________________
And these are the trace and ping results from any other computer:

Tracing route to [192.168.10.248]
over a maximum of 30 hops:

1 <10 ms <10 ms <10 ms EXCHANGE [192.168.0.1]
2 * * * Request timed out.
3 * * * Request timed out.
4 ^C

ping 192.168.10.248

Pinging 192.168.10.248 with 32 bytes of data:

Reply from 192.168.10.248: bytes=32 time=796ms TTL=126
Reply from 192.168.10.248: bytes=32 time=985ms TTL=126
Reply from 192.168.10.248: bytes=32 time=937ms TTL=126

(in reply to tshinder)
  Post #: 12
RE: Discussion about Chapter 2 in the book - 5.Jan.2005 6:27:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Loki,

OK, that's different. Did you create an Access Rule to allow that communication?

Thanks!
Tom

(in reply to tshinder)
Post #: 13
RE: Discussion about Chapter 2 in the book - 5.Jan.2005 11:32:00 AM   
Guest
Yes, access rules were created and they allowed all traffic between all VPN gateways and all VPN networks.

(in reply to tshinder)
  Post #: 14
RE: Discussion about Chapter 2 in the book - 25.Feb.2005 2:21:00 PM   
larrypearl

 

Posts: 4
Joined: 16.Nov.2004
Status: offline
quote:
Originally posted by tshinder:
Hi Larry,

[Big Grin]

It's in the chapter on configuring access rules and firewall policy

Treat yourself to a Christmas present and get the book! What other site do you get the author to give interactive help on his book? (OK, Debi wrote half the book, but I'll support her stuff too)

Thanks!
Tom

Hello Tom,
I purchased the book and looked up the chapter. I found the discussion on Hotmail on page 564. However, it's about blocking access to Hotmail. In the quotation I posted earlier, it said "Now all users can access Hotmail via an easily-configured firewall rule without any need for special configuration on either the client or the firewall."

The quote seems to be talking about having to set something up to allow access to Hotmail (not about blocking). Do I misunderstand the text?

(in reply to tshinder)
Post #: 15
RE: Discussion about Chapter 2 in the book - 25.Feb.2006 4:02:58 PM   
JBossmin

 

Posts: 1
Joined: 25.Feb.2006
Status: offline
Tom -

Excellent article - very easy to follow, and a wealth of information!

Quick question - (and it may seem like a silly one) - Can ISA Server 2004 be set up only as a caching server?

I have sufficient outer perimeter security, but what I really need is a nice caching server.

Please let me know your thoughts on this - and thanks again!

Sincerely,
JBossmin

(in reply to tshinder)
Post #: 16
