• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

What exact is the purpose of the ISA Client?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Firewall Client >> What exact is the purpose of the ISA Client? Page: [1]
Login
Message << Older Topic   Newer Topic >>
What exact is the purpose of the ISA Client? - 17.Jan.2012 3:49:58 PM   
andrewzuza

 

Posts: 5
Joined: 28.Jul.2011
Status: offline
I have a 3 legged ISA 2006 Configuration. The Nics are as follows:

External = Internet
Internal = LAN
DMZ = DMZ

I recently added a L3 switch and set DHCP to add the gateway of the L3 switch to the employees NIC instead of the IP of the ISA Internal NIC so that I could route between the Internal VLAN and a new VLAN for my VoiP system. I set a default route in the L3 switch to go to ISA. The VoIP system is not a part of ISA.

For some reason, when I try to access the web server of one of my VoIP servers, the request is hitting ISA who is rejecting is because ISA is not aware of the VOIP Vlan. I added the IP addresses of the VOIP network to the internal NIC and to the Internal Network rule in the network settings of ISA to prevent ISA from rejecting the connection, but still it rejects it.

I have also tried removing the proxy settings in the browser that point to ISA, but still, I get a denied connection from ISA even though the request is going to the L3 switch first through the PC nic and not to ISA from the proxy rule in the browser.

Is the ISA client adding something to the packets which are causing my web traffic to flow back to ISA? What exactly is the purpose of the ISA client?
Post #: 1
RE: What exact is the purpose of the ISA Client? - 20.Jan.2012 11:46:38 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
You have to use the "name",...not an IP# when you access it.

It is a flaw in the design of IE (and possibly other browsers) where the brower misinterpets the IP to be a FQDN and passes it to the proxy for resolution,...which will always fail.

Create and entry in your AD DNS for the VoIP Server,...just "make up" a name for if you have to (one word, no spaces, 15 characters of less to be safe).  If you have a WINS  Server repeat that with a matching name on the WINS Server.

This is an old browser flaw that has been around for years and it will probably never get solved,...there are only workarounds.

The ISA Client
Well first, it has nothing to do with the problem although it sometimes solves the problem.
It is a Winsock LSP.
The Firewall Service on the ISA is actually a Winsock Proxying Service, and the only way to work with a Winsock Proxying Service is to use a Winsock LSP (Layer Service Provider) on the client-side.

Go to the "Help" in the ISA MMC and look for the section explaing the 3 different Client Types.  The only way for full functionality is for a Client machine to be all three types at the same time.

_____________________________

Phillip Windell

(in reply to andrewzuza)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Firewall Client >> What exact is the purpose of the ISA Client? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts