
Discussion about article on not being able to log on

Discussion about article on not being able to log on - 29.Mar.2005 1:04:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
This thread is for discussing the article on not being able to log on at http://isaserver.org/tutorials/2004cannotlogon.html

Thanks!
Tom

[ March 29, 2005, 01:10 PM: Message edited by: tshinder ]
Post #: 1
RE: Discussion about article on not being able to log on - 30.Mar.2005 9:29:00 PM   
tryingtoreg

 

Posts: 8
Joined: 12.May.2003
From: Boston
Status: offline
What about a DMZ/Perimeter in ISA 2004? Is that to be considered Internal or External? I am trying to find out info on how to configure/secure the NIC, and since we are going to have an IIS 6.0 server on the DMZ (ISP DNS pointing to site), what do I need to open/close etc....

Sean

(in reply to tshinder)
Post #: 2
RE: Discussion about article on not being able to log on - 4.Apr.2005 11:13:00 AM   
alain.blaettler@bitcs.ch

 

Posts: 3
Joined: 4.Apr.2005
From: Basel (Switzerland)
Status: offline
Hi

I am having almost the same problem with my ISA Server 2004.

What if I don't want my servers in the "Internal" network, as I understand your description of the ISA configuration? You put all the servers, clients, etc. in some kind of "Internal Network"!

The problem in my case is, I don't want the servers (DCs and members) in my Internal Network but in a separate network, where I have full control of the traffic which goes through the ISA Server!

My config:

Interface 1: 10.21.1.X ==> Internal (Clients, Printers, etc.)
Interface 2: 10.21.2.X ==> Server Network
Interface 3: 10.21.3.X ==> DMZ 2
Interface 4: 10.21.4.X ==> External

All Networks are routed, because the ISA Server 2004 is the second firewall. The ISA-Server is behind a "Hardware-Firewall"!

The exact question now is:

Is it possible to allow the Clients (Internal) to get on the Active Directory (Server Network) on the ISA-Server to all "Internal" Networks?? Because I think that turns the ISA Server into "Swiss Cheese"! ;-)

I don't know, but am I the only one who is trying to secure my servers not only from outside, but from inside too?!?!

Note:
I have read a few KB articles from MS. They always talk only about Active Directory replication over a firewall! But what if I want to get my clients to work properly with my Active Directory servers over the ISA Server?????
So which ports do the clients need to work properly with the servers?
And do the clients need the RPC endpoint mapper (Port 135; outbound) and the ports 1024-65535 (inbound)???? (I know I can set the range of the inbound ports myself!)

Thanks in advance for your answer.

Alan

(in reply to tshinder)
Post #: 3
RE: Discussion about article on not being able to log on - 4.Apr.2005 5:17:00 PM   
erickufrin

 

Posts: 58
Joined: 15.Apr.2003
From: Milwaukee, WI
Status: offline
I believe this is the article you are looking for...

Allowing Intradomain Communications through the ISA Firewall (2004)
http://www.isaserver.org/articles/2004perimeterdomain.html

As noted at the bottom, you do not have to make the registry change to make the DC AD listen on a certain port. The two custom (user-defined) protocols for CIFS and ADLogin/DirRep are not needed.

Hope that will allow you to do what you want...

Eric Kufrin

(in reply to tshinder)
Post #: 4
RE: Discussion about article on not being able to log on - 20.Feb.2006 7:06:19 PM   
sunil_tadepalli

 

Posts: 1
Joined: 20.Feb.2006
Status: offline
Hi,

I just installed the ISA 2004 and have the following problems:

Before installation of ISA Server 2004 Standard, I had the following configuration.

1. A Windows Server 2003 with two network adapters. One network adapter (192.168.1.2) connected to an ADSL router (192.168.1.1) and then to the internet. The other network adapter (10.0.0.1) was attached to the intranet. I was using NAT for internet sharing amongst all computers and all was fine.
2. During the course of the ISA 2004 installation the NAT and Internet Sharing service was stopped as required.
3. After the ISA 2004 installation, the PCs on the intranet (10.0.0.5, 10.0.0.10 etc) are not able to share the internet connection. In fact I am even unable to ping from these PCs to 10.0.0.1 (the server).
4. From the Windows Server (192.168.1.2), I am able to get limited connectivity to the Internet - basically Microsoft sites that are included in the 'system policy' page.
5. Can you please suggest the best network topology for this system and how I should configure the networks and network rules.

Thanks in advance.

Sunil Tadepalli

(in reply to tshinder)
Post #: 5
RE: Discussion about article on not being able to log on - 11.Dec.2006 1:09:50 PM   
marcello314

 

Posts: 10
Joined: 11.Dec.2006
Status: offline
Hi. I have three subnets, roughly the same scenario as Tom's article. I have followed the instructions on adding static routes to the Windows routing table for local subnets, and I have also added the Windows routing table to the local address table for the internal network. The problem is, my ISA 2004 box still considers my other internal subnets (besides the one that is on the internal NIC of the ISA 2004 box) as an unsecured network. Any help would be greatly appreciated. Thanks.

(in reply to sunil_tadepalli)
Post #: 6
