Hi all,
I installed ISA Server 2006 with SurfControl for filtering. My setup:
- all users have invalid IPs, 172.16.207.2-250
- the external LAN has an invalid IP, 10.20.30.2
- the IP on the internal LAN's router is 10.20.30.1
- all external traffic is routed to my router for NATting and routing to the Internet by a network rule (Route)
But after analyzing it, I see that all traffic that was sent to port 80 in ISA (by the Web proxy service) is NATed to 10.20.30.2 and then goes to the router; other ports go to the router and are NATed there. For example:
on port 80: 172.16.207.2 -> NAT in ISA with 10.20.30.2 -> NAT in router with valid IP
other ports: 172.16.207.2 -> route with ISA to router -> NAT in router
Can I omit NAT in ISA Server? (I want NATting done in the router, and filtering and firewalling done in ISA.)
Best Regards
Kamal
You can define the 10.20.30.0 network as an ISA Firewall Network and then configure a Route Relationship between that and the default Internal Network. Then you will see the original source IP address on the NAT device in front of the ISA Firewall.
I checked it, and all 10.20.30.0 IPs for all ports route to the NAT router, but on port 80 it is not correct: all IPs are NATed to 10.20.30.2 and after that routed to the NAT router. I also tried to define a separate rule, but my problem still exists. The whole problem is on port 80 and the Web proxy!!!! Please help me. Thanks, Kamal
Good point. All Web proxies (not just the ISA Firewall) will use their own IP address when forwarding connections. That's because the Web proxy is the actual machine issuing the request. The Web proxy requests the content on behalf of the client, so that's why the ISA Firewall's external IP address appears to the upstream device for connections that go through the ISA Firewall's Web Proxy filter.
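The behaviour described in the reply above, as an added example that is not part of the original thread: a minimal loopback sketch showing that a forwarding proxy opens its own TCP connection, so the upstream device sees the proxy's source address rather than the client's. The helper names (`start_upstream`, `start_proxy`, `request`, `demo`) are hypothetical, and because everything runs on 127.0.0.1 the addresses differ by source port rather than by IP.

```python
import socket
import threading

def start_upstream():
    """Stand-in for the upstream device: replies with the peer address it sees."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen()
    def serve():
        while True:
            conn, peer = srv.accept()
            with conn:
                conn.recv(4096)
                conn.sendall(f"{peer[0]}:{peer[1]}".encode())
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()

def start_proxy(upstream_addr, log):
    """Minimal forwarding proxy: ends the client's TCP session and opens its own."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen()
    def serve():
        while True:
            conn, _ = srv.accept()
            with conn, socket.create_connection(upstream_addr) as out:
                log.append(out.getsockname())  # source address of the proxy's own connection
                out.sendall(conn.recv(4096))   # forward the client's request
                conn.sendall(out.recv(4096))   # relay the upstream's answer
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()

def request(target):
    """Send one request; return (client's source address, source address the upstream saw)."""
    with socket.create_connection(target) as s:
        mine = s.getsockname()
        s.sendall(b"GET / HTTP/1.0\r\n\r\n")
        ip, port = s.recv(4096).decode().rsplit(":", 1)
        return mine, (ip, int(port))

def demo():
    proxy_log = []
    upstream = start_upstream()
    proxy = start_proxy(upstream, proxy_log)
    direct_mine, direct_seen = request(upstream)  # routed path: no proxy in between
    proxied_mine, proxied_seen = request(proxy)   # Web proxy path
    # (direct path keeps client source, proxied path keeps client source, upstream saw proxy's socket)
    return direct_mine == direct_seen, proxied_mine == proxied_seen, proxied_seen == proxy_log[0]

if __name__ == "__main__":
    print(demo())
```
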
Thank you again, tshinder, for your reply. What can I do? The Web proxy filter does not have a disable item, and I need all client IPs in the NAT server for my policies. Does a solution exist for this problem? Best Regards, Kamal
Then you need to define an ISA Firewall Network for the network ID on which the LAN interface of the upstream router is located, where you want to see the original source IP address. After creating the ISA Firewall Network, create a ROUTE Network Rule connecting the default Internal Network and the new ISA Firewall Network you created.
Hi Thomas W Shinder, thank you for your reply. After I did it I could resolve my problem, but now I have a new problem: when I do not use the Web proxy, the user's connection is very slow?!!! But he can use the Internet, and all protocols are routed to my NAT server (Cisco router). Thank you again for your attention. Best Regards, Kamal