Access Rules vs. Publishing? (Full Version)

All Forums >> [ISA Server 2004 General ] >> General



Message


grinn253 -> Access Rules vs. Publishing? (9.Jun.2005 5:56:00 PM)

Hello,

I've always thought that Access rules are for Outgoing connections (Internal to external); with Publishing for incoming traffic (external to internal/perimeter). "[Confused]"
Well after reading:
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/excludingaddressesfromvpn. mspx

It seems they used an access rule to allow incoming connections from external networks! "[Confused]"

I duplicated their scenerio and indeed access rules for incoming connections did work. Can someone help me understand the difference betweek the two? What if publish was used instead of the access rule? "[Frown]"

Thanks,
Edgardo (feeling like such a newbie right now "[Embarrassed]" ) "[Razz]"

[ June 09, 2005, 05:57 PM: Message edited by: grinn253 ]




tshinder -> RE: Access Rules vs. Publishing? (9.Jun.2005 10:36:00 PM)

Hi Edgardo,

Indeed! It is a bit confusing.

If there is a ROUTE relationship between the source and destination Networks, you can create either an Access Rule or a Publishing Rule.

If there is a NAT relationship between the source and destination Network, then you can create Access Rules from the NATed Network to the destination Network, and Publishing Rules from the non-NATed Network to the NATed Network. For example, if you have a NAT relationship between the Default Internal Network and the default External Network, then you create Access rules from Internal to External, and Publishing Rules from External to Internal.

Make sense?

HTH,
Tom




isawader -> RE: Access Rules vs. Publishing? (10.Jun.2005 12:14:00 AM)

Tom,

I understood this concept. However, I am not sure the advandage of using a publishing rule rather than an Access Rule or vice versa from a non-NATed Network to NATed Network.




grinn253 -> RE: Access Rules vs. Publishing? (10.Jun.2005 11:45:00 AM)

quote:
Originally posted by tshinder:
Make sense?

[Smile] Hmm, well after reading your post, i was reminded of your article regarding publishing Public IPs in a DMZ:
http://www.isaserver.org/articles/2004pubdmzservers.html
And yes now it makes sense again! :Thanks for jogging my memory [Big Grin]

Goodbye!
Edgardo

btw, great ISA Server 2004 book It is an awesome resource with nicely organized information! Makes looking for information so much more appealing.




Page: [1]