• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

RE: Discussion of the Getting Started with ISA2004 article

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> General >> RE: Discussion of the Getting Started with ISA2004 article Page: <<   < prev  1 2 3 [4]
Login
Message << Older Topic   Newer Topic >>
RE: Discussion of the Getting Started with ISA2004 article - 31.Jan.2004 4:11:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Linke,

You bet! I hope to get that IPSec tunnel mode article up soon. This will allow you to place the ISA2004 firewall easily at any branch office can connect to the current VPN server at the main office. Works great so far.

Thanks!
Tom

(in reply to tshinder)
Post #: 61
RE: Discussion of the Getting Started with ISA2004 article - 31.Jan.2004 11:04:00 AM   
ECSQATAR

 

Posts: 4
Joined: 9.Nov.2003
Status: offline
Well i really appericiate ur hard work all of u , u r doing termandous job doc:).
Through ur form i would like to thank Microsoft ,i am always a secret admirer of Microsoft but the release of Microsoft windows Server 2003 and Isa 2004 forced me to appericiate the legend(even beta [Smile] ) .All i have to say is "cool work Microsoft, keep it up u r simply the best ." .Now don't consider me working for Microsoft [Smile] .Thanks all of u ,keep ur good and remarkable work going.A tost for ur health [Smile]

(in reply to tshinder)
Post #: 62
RE: Discussion of the Getting Started with ISA2004 article - 31.Jan.2004 12:23:00 PM   
rbilek

 

Posts: 3
Joined: 31.Jan.2004
From: Brno, Czech Republic
Status: offline
Hi Tom,
in your article http://www.isaserver.org/articles/isa2004beta2.html is:

As with all firewall installations, DNS and DHCP are critical factors in making sure that everything works correctly. You can install a DNS server on the ISA Server 2004 firewall computer and use it to connect to the Internet, or you can use a DNS server located on your internal network.

In "Edge Firewall" template configuration with no internal DNS server:

1/ Is it possible to only add IP addresses of ISP DNS servers to external NIC and not to install DNS server on firewall?

2/ Without IP addresses of DNS servers on external NIC, DNS server installed on firewall must be configured as DNS forwarder?

Thanks
Ros

(in reply to tshinder)
Post #: 63
RE: Discussion of the Getting Started with ISA2004 article - 1.Feb.2004 12:31:00 AM   
Ole Kristian

 

Posts: 18
Joined: 4.Aug.2002
From: Norway
Status: offline
I'm curious about the new vpn functionallity. Can you implement policies on the vpn clients on a per user basis? I'd like to have full access, and impose some restrictions to the regular users.

I know that Win2k3 has some quarantine functions that you can use to keep unpatched clients or clients without updated antivirus out of your network. Does ISA2004 improve on this functionallity?

Also, can you implement different policies on different IPSEC tunnels - for example limiting one to only allow citrix traffic while another is completely open?

- Ole Kristian

(in reply to tshinder)
Post #: 64
RE: Discussion of the Getting Started with ISA2004 article - 1.Feb.2004 2:44:00 AM   
unclehughie

 

Posts: 70
Joined: 31.Dec.2001
From: Montreal, Canada
Status: offline
Tom
I've installed and configured ISA 2004 on a member Win2K3 Server in an SBS domain. The domain controller and client computers can connect to the Internet. But the ISA/Win2K3 Server won't, and reports that HTTP 502 Proxy Error - The ISA Server denies the specified URL. NSLookup works fine on the ISA machine.
Any ideas?

(in reply to tshinder)
Post #: 65
RE: Discussion of the Getting Started with ISA2004 article - 1.Feb.2004 4:16:00 PM   
unclehughie

 

Posts: 70
Joined: 31.Dec.2001
From: Montreal, Canada
Status: offline
Further to my post about accessing the Internet from the ISA Server machine, I've discovered that the only URL that works from that machine is microsoft.com and its sub-sites and associated sites such as msdn
Is this a conspiracy?? Understand, I'm joking, but I'm also puzzled.

(in reply to tshinder)
Post #: 66
RE: Discussion of the Getting Started with ISA2004 article - 1.Feb.2004 4:23:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by rbilek:
Hi Tom,
in your article http://www.isaserver.org/articles/isa2004beta2.html is:

As with all firewall installations, DNS and DHCP are critical factors in making sure that everything works correctly. You can install a DNS server on the ISA Server 2004 firewall computer and use it to connect to the Internet, or you can use a DNS server located on your internal network.

In "Edge Firewall" template configuration with no internal DNS server:

1/ Is it possible to only add IP addresses of ISP DNS servers to external NIC and not to install DNS server on firewall?

2/ Without IP addresses of DNS servers on external NIC, DNS server installed on firewall must be configured as DNS forwarder?

Thanks
Ros

Hi Ros,

If you don't have an internal DNS server, then you can configure the ISA2004 firewall to use an external DNS server. You can enter that address on the internal interface. Make sure the internal interface is on the top of the interface list.

HTH,
Tom

(in reply to tshinder)
Post #: 67
RE: Discussion of the Getting Started with ISA2004 article - 1.Feb.2004 4:26:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by Ole Kristian:
I'm curious about the new vpn functionallity. Can you implement policies on the vpn clients on a per user basis? I'd like to have full access, and impose some restrictions to the regular users.

I know that Win2k3 has some quarantine functions that you can use to keep unpatched clients or clients without updated antivirus out of your network. Does ISA2004 improve on this functionallity?

Also, can you implement different policies on different IPSEC tunnels - for example limiting one to only allow citrix traffic while another is completely open?

- Ole Kristian

Hi Ole,

Yes! You can create per user Access Policies for VPN clients. For example, you can give the "Exchange Users" group access to the Exchange Server RPC server, and nothing else! Better neat, eh?

HTH,
Tom

(in reply to tshinder)
Post #: 68
RE: Discussion of the Getting Started with ISA2004 article - 1.Feb.2004 4:28:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by unclehughie:
Tom
I've installed and configured ISA 2004 on a member Win2K3 Server in an SBS domain. The domain controller and client computers can connect to the Internet. But the ISA/Win2K3 Server won't, and reports that HTTP 502 Proxy Error - The ISA Server denies the specified URL. NSLookup works fine on the ISA machine.
Any ideas?

Hi Unk,

If you want to make the ISA2004 firewall box a Web Proxy client, you'll need to enable the Outgoing Web Requests listener and configure an Access Rule that allows outbound access to HTTP/HTTPS from local host.

Check out the Release Notes for some info on this. I'll be doing a tuturoial on this in the near future.

Thanks!
Tom

(in reply to tshinder)
Post #: 69
RE: Discussion of the Getting Started with ISA2004 article - 1.Feb.2004 4:30:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by unclehughie:
Further to my post about accessing the Internet from the ISA Server machine, I've discovered that the only URL that works from that machine is microsoft.com and its sub-sites and associated sites such as msdn
Is this a conspiracy?? Understand, I'm joking, but I'm also puzzled.

Hi Unk,

Those are built-in sites that you're allowed access. Take a look at the Firewall System Policy and you'll see where those sites fit into the management scheme.

HTH,
Tom

(in reply to tshinder)
Post #: 70
RE: Discussion of the Getting Started with ISA2004 article - 11.Feb.2004 10:03:00 PM   
Guest
Hi everybody.

Does anybody know if the beta will run on Small Business Server 2003?

Looking forward to your response

Erik Jongen

(in reply to tshinder)
  Post #: 71
RE: Discussion of the Getting Started with ISA2004 article - 15.Feb.2004 12:45:00 AM   
pwz

 

Posts: 2
Joined: 15.Feb.2004
Status: offline
Tom,

We are going to buy ISA 2000 and implement it in a month. Could we buy a ISA 2000 as well as have an option to get ISA 04 upgrade for free.

(in reply to tshinder)
Post #: 72
RE: Discussion of the Getting Started with ISA2004 article - 18.Feb.2004 1:04:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by <Erik Jongen>:
Hi everybody.

Does anybody know if the beta will run on Small Business Server 2003?

Looking forward to your response

Erik Jongen

Hi Erik,

Right now it seems like people are having problems installing it on a DC. But those problems should be fixed by the time its released in final version.

HTH,
Tom

(in reply to tshinder)
Post #: 73
RE: Discussion of the Getting Started with ISA2004 article - 18.Feb.2004 1:05:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by ISABoy:
Tom,

We are going to buy ISA 2000 and implement it in a month. Could we buy a ISA 2000 as well as have an option to get ISA 04 upgrade for free.

Hi ISAboy,

I think MS will be offering some kind of deal. You should check with your software assurance rep.

HTH,
Tom

(in reply to tshinder)
Post #: 74
RE: Discussion of the Getting Started with ISA2004 article - 3.Mar.2004 5:55:00 PM   
ehjyen

 

Posts: 4
Joined: 1.Oct.2002
From: Australia
Status: offline
quote:
Originally posted by tshinder:

Hi Ole,

Yes! You can create per user Access Policies for VPN clients. For example, you can give the "Exchange Users" group access to the Exchange Server RPC server, and nothing else! Better neat, eh?

HTH,
Tom

Hi, sorry for possibly being obtuse but how exactly would I go about doing extactly as you described - limiting a vpn client to only outlook access to an Exchange server, and preventing anything else? Thanks.

(in reply to tshinder)
Post #: 75
RE: Discussion of the Getting Started with ISA2004 article - 12.Jun.2004 5:07:00 AM   
luct

 

Posts: 1
Joined: 12.Jun.2004
From: Malaysia
Status: offline
Hi, i already install and configure the ISA 2004 Beta 2. Next step is ia want to know how i going to configure my client's pc to connect to ISA 2004 over to the internet. Please reply me. Thanks.

(in reply to tshinder)
Post #: 76
RE: Discussion of the Getting Started with ISA2004 article - 12.Jun.2004 5:52:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Charles,

Check out the configuration guide or the Quick Start Guide over at www.msfirewall.org/isa2004kits.htm.

HTH,
Tom

(in reply to tshinder)
Post #: 77
RE: Discussion of the Getting Started with ISA2004 article - 30.Nov.2004 5:04:00 PM   
rmarais

 

Posts: 8
Joined: 29.Nov.2004
From: South Africa
Status: offline
I need help setting up my ISA server 2004. I am running a small network from home and want to host web content via DSL. I have the same setup as described in the http://www.isaserver.org/articles/isa2004beta2.html article. I am running Win2K3 with ISA 2004 ontop. This box is also hosting my IIS websites that I want to host via host headers. In South Africa our telecoms provider bounces our IP every night to try and prevent hosting from home. We get away via DNS hosting companies (www.no-ip.com) - hosting our ever~changing IP's for us.

I have installed ISA and configured the internal NIC as the local LAN and the external NIC is connected to the DSL router. Exactly as in the article's picture. By default the ISA config blocks all comms in and out. I have setup the Firewall rule to allow Outgoing traffic - so the LAN and the ISA box can surf. The PAT setup on the router has been done to allow the comms on port 80 through to the correct IP of the ISA server. Now....I have tried to get the Posting of a Web site working but with no luck. Could you walk me through the config behind this?

PS. I have had the hosting of the sites working through normal Win2K3 firewall settings, but with the ISA server install it stopped working.

Thanks

Righardt Marais
Software Configuration Manager Righardt.Marais@20twenty.com | mobile +27 82 444 7577 | direct +27 21 481 8538 | www.20twenty.com

(in reply to tshinder)
Post #: 78

Page:   <<   < prev  1 2 3 [4] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> General >> RE: Discussion of the Getting Started with ISA2004 article Page: <<   < prev  1 2 3 [4]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts