Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
RE: Discussion of the Getting Started with ISA2004 article
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
RE: Discussion of the Getting Started with ISA2004 article - 31.Jan.2004 4:11:00 AM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Linke,
You bet! I hope to get that IPSec tunnel mode article up soon. This will allow you to place the ISA2004 firewall easily at any branch office can connect to the current VPN server at the main office. Works great so far.
Thanks!
Tom
|
|
|
|
|
RE: Discussion of the Getting Started with ISA2004 article - 31.Jan.2004 12:23:00 PM
|
|
|
rbilek
Posts: 3
Joined: 31.Jan.2004
From: Brno, Czech Republic
Status: offline
|
Hi Tom,
in your article http://www.isaserver.org/articles/isa2004beta2.html is:
As with all firewall installations, DNS and DHCP are critical factors in making sure that everything works correctly. You can install a DNS server on the ISA Server 2004 firewall computer and use it to connect to the Internet, or you can use a DNS server located on your internal network.
In "Edge Firewall" template configuration with no internal DNS server:
1/ Is it possible to only add IP addresses of ISP DNS servers to external NIC and not to install DNS server on firewall?
2/ Without IP addresses of DNS servers on external NIC, DNS server installed on firewall must be configured as DNS forwarder?
Thanks
Ros
|
|
|
|
|
RE: Discussion of the Getting Started with ISA2004 article - 1.Feb.2004 12:31:00 AM
|
|
|
Ole Kristian
Posts: 18
Joined: 4.Aug.2002
From: Norway
Status: offline
|
I'm curious about the new vpn functionallity. Can you implement policies on the vpn clients on a per user basis? I'd like to have full access, and impose some restrictions to the regular users.
I know that Win2k3 has some quarantine functions that you can use to keep unpatched clients or clients without updated antivirus out of your network. Does ISA2004 improve on this functionallity?
Also, can you implement different policies on different IPSEC tunnels - for example limiting one to only allow citrix traffic while another is completely open?
- Ole Kristian
|
|
|
|
|
RE: Discussion of the Getting Started with ISA2004 article - 1.Feb.2004 2:44:00 AM
|
|
|
unclehughie
Posts: 70
Joined: 31.Dec.2001
From: Montreal, Canada
Status: offline
|
Tom
I've installed and configured ISA 2004 on a member Win2K3 Server in an SBS domain. The domain controller and client computers can connect to the Internet. But the ISA/Win2K3 Server won't, and reports that HTTP 502 Proxy Error - The ISA Server denies the specified URL. NSLookup works fine on the ISA machine.
Any ideas?
|
|
|
|
|
RE: Discussion of the Getting Started with ISA2004 article - 1.Feb.2004 4:16:00 PM
|
|
|
unclehughie
Posts: 70
Joined: 31.Dec.2001
From: Montreal, Canada
Status: offline
|
Further to my post about accessing the Internet from the ISA Server machine, I've discovered that the only URL that works from that machine is microsoft.com and its sub-sites and associated sites such as msdn
Is this a conspiracy?? Understand, I'm joking, but I'm also puzzled.
|
|
|
|
|
RE: Discussion of the Getting Started with ISA2004 article - 1.Feb.2004 4:23:00 PM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
Originally posted by rbilek:
Hi Tom,
in your article http://www.isaserver.org/articles/isa2004beta2.html is:
As with all firewall installations, DNS and DHCP are critical factors in making sure that everything works correctly. You can install a DNS server on the ISA Server 2004 firewall computer and use it to connect to the Internet, or you can use a DNS server located on your internal network.
In "Edge Firewall" template configuration with no internal DNS server:
1/ Is it possible to only add IP addresses of ISP DNS servers to external NIC and not to install DNS server on firewall?
2/ Without IP addresses of DNS servers on external NIC, DNS server installed on firewall must be configured as DNS forwarder?
Thanks
Ros
Hi Ros,
If you don't have an internal DNS server, then you can configure the ISA2004 firewall to use an external DNS server. You can enter that address on the internal interface. Make sure the internal interface is on the top of the interface list.
HTH,
Tom
|
|
|
|
|
RE: Discussion of the Getting Started with ISA2004 article - 1.Feb.2004 4:26:00 PM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
Originally posted by Ole Kristian:
I'm curious about the new vpn functionallity. Can you implement policies on the vpn clients on a per user basis? I'd like to have full access, and impose some restrictions to the regular users.
I know that Win2k3 has some quarantine functions that you can use to keep unpatched clients or clients without updated antivirus out of your network. Does ISA2004 improve on this functionallity?
Also, can you implement different policies on different IPSEC tunnels - for example limiting one to only allow citrix traffic while another is completely open?
- Ole Kristian
Hi Ole,
Yes! You can create per user Access Policies for VPN clients. For example, you can give the "Exchange Users" group access to the Exchange Server RPC server, and nothing else! Better neat, eh?
HTH,
Tom
|
|
|
|
|
RE: Discussion of the Getting Started with ISA2004 article - 1.Feb.2004 4:28:00 PM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
Originally posted by unclehughie:
Tom
I've installed and configured ISA 2004 on a member Win2K3 Server in an SBS domain. The domain controller and client computers can connect to the Internet. But the ISA/Win2K3 Server won't, and reports that HTTP 502 Proxy Error - The ISA Server denies the specified URL. NSLookup works fine on the ISA machine.
Any ideas?
Hi Unk,
If you want to make the ISA2004 firewall box a Web Proxy client, you'll need to enable the Outgoing Web Requests listener and configure an Access Rule that allows outbound access to HTTP/HTTPS from local host.
Check out the Release Notes for some info on this. I'll be doing a tuturoial on this in the near future.
Thanks!
Tom
|
|
|
|
|
RE: Discussion of the Getting Started with ISA2004 article - 1.Feb.2004 4:30:00 PM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
Originally posted by unclehughie:
Further to my post about accessing the Internet from the ISA Server machine, I've discovered that the only URL that works from that machine is microsoft.com and its sub-sites and associated sites such as msdn
Is this a conspiracy?? Understand, I'm joking, but I'm also puzzled.
Hi Unk,
Those are built-in sites that you're allowed access. Take a look at the Firewall System Policy and you'll see where those sites fit into the management scheme.
HTH,
Tom
|
|
|
|
|
RE: Discussion of the Getting Started with ISA2004 article - 11.Feb.2004 10:03:00 PM
|
|
|
Guest
|
Hi everybody.
Does anybody know if the beta will run on Small Business Server 2003?
Looking forward to your response
Erik Jongen
|
|
|
|
|
RE: Discussion of the Getting Started with ISA2004 article - 15.Feb.2004 12:45:00 AM
|
|
|
pwz
Posts: 2
Joined: 15.Feb.2004
Status: offline
|
Tom,
We are going to buy ISA 2000 and implement it in a month. Could we buy a ISA 2000 as well as have an option to get ISA 04 upgrade for free.
|
|
|
|
|
RE: Discussion of the Getting Started with ISA2004 article - 18.Feb.2004 1:04:00 AM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
Originally posted by <Erik Jongen>:
Hi everybody.
Does anybody know if the beta will run on Small Business Server 2003?
Looking forward to your response
Erik Jongen
Hi Erik,
Right now it seems like people are having problems installing it on a DC. But those problems should be fixed by the time its released in final version.
HTH,
Tom
|
|
|
|
|
RE: Discussion of the Getting Started with ISA2004 article - 18.Feb.2004 1:05:00 AM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
Originally posted by ISABoy:
Tom,
We are going to buy ISA 2000 and implement it in a month. Could we buy a ISA 2000 as well as have an option to get ISA 04 upgrade for free.
Hi ISAboy,
I think MS will be offering some kind of deal. You should check with your software assurance rep.
HTH,
Tom
|
|
|
|
|
RE: Discussion of the Getting Started with ISA2004 article - 3.Mar.2004 5:55:00 PM
|
|
|
ehjyen
Posts: 4
Joined: 1.Oct.2002
From: Australia
Status: offline
|
quote:
Originally posted by tshinder:
Hi Ole,
Yes! You can create per user Access Policies for VPN clients. For example, you can give the "Exchange Users" group access to the Exchange Server RPC server, and nothing else! Better neat, eh?
HTH,
Tom
Hi, sorry for possibly being obtuse but how exactly would I go about doing extactly as you described - limiting a vpn client to only outlook access to an Exchange server, and preventing anything else? Thanks.
|
|
|
|
|
RE: Discussion of the Getting Started with ISA2004 article - 12.Jun.2004 5:07:00 AM
|
|
|
luct
Posts: 1
Joined: 12.Jun.2004
From: Malaysia
Status: offline
|
Hi, i already install and configure the ISA 2004 Beta 2. Next step is ia want to know how i going to configure my client's pc to connect to ISA 2004 over to the internet. Please reply me. Thanks.
|
|
|
|
|
RE: Discussion of the Getting Started with ISA2004 article - 12.Jun.2004 5:52:00 AM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Charles,
Check out the configuration guide or the Quick Start Guide over at www.msfirewall.org/isa2004kits.htm.
HTH,
Tom
|
|
|
|
|
RE: Discussion of the Getting Started with ISA2004 article - 30.Nov.2004 5:04:00 PM
|
|
|
rmarais
Posts: 8
Joined: 29.Nov.2004
From: South Africa
Status: offline
|
I need help setting up my ISA server 2004. I am running a small network from home and want to host web content via DSL. I have the same setup as described in the http://www.isaserver.org/articles/isa2004beta2.html article. I am running Win2K3 with ISA 2004 ontop. This box is also hosting my IIS websites that I want to host via host headers. In South Africa our telecoms provider bounces our IP every night to try and prevent hosting from home. We get away via DNS hosting companies (www.no-ip.com) - hosting our ever~changing IP's for us.
I have installed ISA and configured the internal NIC as the local LAN and the external NIC is connected to the DSL router. Exactly as in the article's picture. By default the ISA config blocks all comms in and out. I have setup the Firewall rule to allow Outgoing traffic - so the LAN and the ISA box can surf. The PAT setup on the router has been done to allow the comms on port 80 through to the correct IP of the ISA server. Now....I have tried to get the Posting of a Web site working but with no luck. Could you walk me through the config behind this?
PS. I have had the hosting of the sites working through normal Win2K3 firewall settings, but with the ISA server install it stopped working.
Thanks
Righardt Marais
Software Configuration Manager Righardt.Marais@20twenty.com | mobile +27 82 444 7577 | direct +27 21 481 8538 | www.20twenty.com
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
RE: Discussion of the Getting Started with ISA2004 article - ![[Smile]](/image/smiles/smile.gif)
) .All i have to say is "cool work Microsoft, keep it up u r simply the best ." .Now don't consider me working for Microsoft 
