i am sorry if the same/similar thread already exists in the forum.
I just want to give direct access to internet for some of my network clients, because the applications running on their computers' does not support proxy.
Right now, on all of the browsers i manually set the proxy configuration (192.168.1.1:8080). The antivirus, messenger and etc. stuff work excellent. I can monitor and filter web traffic. But some essential apps cannot access internet through proxy, so i have to give direct access to those clients. How can i do? Can you please be descriptive in your replies. Thanks.
Is it OK if the isa will have 2 different dns servers, one from isp and another its internal dns?
No, you have to configure dns servers only on isa internal nic. Then internal Dns servers resolves external names asking external Dns ( forwarders) ( could be the Isp Dns servers ). You will have to do an access rule to protocol 53 to your internal dns servers. I recommend you to ask your ISP to give you a fix Ip. Maybe you have to pay more to ISP. Another solution could be install another router in front of isa server , in order to receive dinamic ip from isp, with static ip in the inside interface, that will be the gateway of the isa server and will permit to you configure static ip in the external inerface of your isa server.
Internet <->( dinamic ip ) router <-> Isa server <-> internal LAN.
My clients' default gateway ip is already the isa's internet ip address, that is 192.168.1.1 (as i have written on my first post). Or i am missing something, and did not understand you?
So, in the computers running aplications that need direct access, only use securenat client, not proxy client. If you have to authenticate users access you will have to install firewall client in that computers.
< Message edited by hrsanchez -- 23.Dec.2009 12:59:57 PM >
Eng.Hector Sanchez MCSE + Security 2000/2003 MCTS Isa 2004/Isa 2006
Then, my question is how can i configure the server and the client to work in securenat?
I have read several articles about ISA'a securenat configuration, but i did not find the information i need.
on one of the articles, it says: "You make a machine a SecureNAT client when you point its default gateway to an interface that routes Internet bound requests to the internal interface of the ISA Server. The default gateway is the IP address of the internal interface of the ISA Server if the client is on the same network ID as the internal interface of the ISA Server."
My clients' network configuration is already ok. So what should i do with the isa server in order for it to treat some clients as securenat rather than web proxy client?