I have a 3 legged ISA 2006 Configuration. The Nics are as follows:
External = Internet Internal = LAN DMZ = DMZ
I recently added a L3 switch and set DHCP to add the gateway of the L3 switch to the employees NIC instead of the IP of the ISA Internal NIC so that I could route between the Internal VLAN and a new VLAN for my VoiP system. I set a default route in the L3 switch to go to ISA. The VoIP system is not a part of ISA.
For some reason, when I try to access the web server of one of my VoIP servers, the request is hitting ISA who is rejecting is because ISA is not aware of the VOIP Vlan. I added the IP addresses of the VOIP network to the internal NIC and to the Internal Network rule in the network settings of ISA to prevent ISA from rejecting the connection, but still it rejects it.
I have also tried removing the proxy settings in the browser that point to ISA, but still, I get a denied connection from ISA even though the request is going to the L3 switch first through the PC nic and not to ISA from the proxy rule in the browser.
Is the ISA client adding something to the packets which are causing my web traffic to flow back to ISA? What exactly is the purpose of the ISA client?
From: Taylorville, IL
You have to use the "name",...not an IP# when you access it.
It is a flaw in the design of IE (and possibly other browsers) where the brower misinterpets the IP to be a FQDN and passes it to the proxy for resolution,...which will always fail.
Create and entry in your AD DNS for the VoIP Server,...just "make up" a name for if you have to (one word, no spaces, 15 characters of less to be safe). If you have a WINS Server repeat that with a matching name on the WINS Server.
This is an old browser flaw that has been around for years and it will probably never get solved,...there are only workarounds.
The ISA Client Well first, it has nothing to do with the problem although it sometimes solves the problem. It is a Winsock LSP. The Firewall Service on the ISA is actually a Winsock Proxying Service, and the only way to work with a Winsock Proxying Service is to use a Winsock LSP (Layer Service Provider) on the client-side.
Go to the "Help" in the ISA MMC and look for the section explaing the 3 different Client Types. The only way for full functionality is for a Client machine to be all three types at the same time.