• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

non-web traffic not going through ISA?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Firewall Client >> non-web traffic not going through ISA? Page: [1]
Login
Message << Older Topic   Newer Topic >>
non-web traffic not going through ISA? - 13.Dec.2005 4:30:06 PM   
acausemaker

 

Posts: 43
Joined: 3.Mar.2005
Status: offline
Here's my layout:

Remote office --->T1----> router in HQ office ---->ISA04
                                             |
                                             |
                                         internet

i.e. their web traffic is coming in through my router, going through the ISA server, then BACK through the router to the internet.  Works fine for web traffic since the proxy server is set in the browser settings, but any other traffic gets killed at the router and doesn't even make it to ISA.  We have the FW client installed on all the workstations; I thought that the FW client handled all the traffic and sends it to ISA. 

example:  I have users at the remote office trying to establish VPN connections to an off-site office (not connected to us at all).  Their vpn traffic dies at the router - isn't the FW client supposed to handle ALL of this traffic and take it to the ISA server?  If I enable NAT on my router, the VPN works fine b/c the router NATs it internally and shoves it right out the internet interface.  But if I turn NAT off in the router, the VPN fails.  Am I misunderstanding how the FW client handles non-web traffic?

Thanks for any light you can shed on the subject.
Andi
Post #: 1
RE: non-web traffic not going through ISA? - 13.Dec.2005 4:34:49 PM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
FWC plays no role in VPN.  Where is the second NIC and the clients.  FWC is useless in a single NIC deployment.

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to acausemaker)
Post #: 2
RE: non-web traffic not going through ISA? - 13.Dec.2005 4:49:33 PM   
acausemaker

 

Posts: 43
Joined: 3.Mar.2005
Status: offline
My ISA04 server does have 2 nics, one internal, and one external.  I tried to make my picture as simple as I could so as not to be confusing, but maybe I over-simplified it.  Lemme try again:

remote office -->T1--> my router -->internet
                                  |
                                switch
                                     \
                                      external interface -{{ISA04}}-internal interface -- my LAN       

The remote office comes directly into my router.  all their web traffic is routed to the ISA server because of the IE proxy settings, basically making one big loop.  But any other traffic will NOT be handled by ISA, correct?  Then what's the point of installing the FW client on the remote office workstations?  (or is there no point at all?)                    

Edited to add:  the vpn client works fine from the HQ office.  We are using SonicWall Global VPN client.
                                 

< Message edited by acausemaker -- 13.Dec.2005 5:25:35 PM >

(in reply to LLigetfa)
Post #: 3
RE: non-web traffic not going through ISA? - 14.Dec.2005 4:58:30 PM   
acausemaker

 

Posts: 43
Joined: 3.Mar.2005
Status: offline
I found this article on Microsoft's KB which states that PPTP traffic is NOT handled by the FWC, which explains why the VPN client isn't working:

http://support.microsoft.com/default.aspx?scid=kb;en-us;887006

The article says to force all internet traffic through ISA by making the default gateway = internal IP of the ISA server.  I'm testing this, but it's still not cooperating.

Any suggestions??

(in reply to acausemaker)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Firewall Client >> non-web traffic not going through ISA? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts