
Welcome to ISAserver.org


LAT issue or not?

All Forums >> [ISA Server 2000 Firewall] >> General >> LAT issue or not? Page: [1]
LAT issue or not? - 19.Feb.2003 3:35:00 PM   
palindroem

 

Posts: 40
Joined: 14.Aug.2002
From: N. Fla
Status: offline
My ISA server is located between my external WAN router and my internal core router. My internal network is 10.104.x.x and 10.108.x.x. My external network is a "private" state gov network 164.51.156.x.
I also have a section of our organization at a different location, behind a different private address range, 10.10.x.x, and that's behind another different "private" state gov network, 150.176.x.x. I have a domain BDC there with a handful of domain clients.
My ISA server LAT defines my first two internal networks (10.104 and 10.108) but not the remote section (150.176). I have nothing defined in the LDT (not sure if I really need it, I only have SecureNAT client for now).
I have set protocol definitions and protocol rules as wide open as possible (for test purposes only) allowing all traffic in both directions. This also includes custom definitions to provide for NetBIOS ports to provide for any NT 4.0 (which we are) authentication and resolution (135,137,138,139,445). I have my PDC published with "Any RPC Server" as the mapped server protocol. I have configured SMS (1.2) and VNC protocol definitions, and included them into a protocol rule.
When I test the ISA server I can make an SMS and VNC connection to the remote BDC.
I cannot connect to the remote BDC using Server Manager. My remote clients cannot connect new sessions, but they can continue pre-existing sessions. It appears that new NetBIOS sessions can't be established.
Is this a LAT issue? If not, any suggestions?

thanks

-Droem-
Post #: 1
RE: LAT issue or not? - 21.Feb.2003 12:57:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Droem,

ISA Server sees the world as trusted and untrusted. The trusted networks are on the LAT. The untrusted networks are not on the LAT. Don't trust to do things like RPC, DCOM, NetBIOS and domain logons between trusted and untrusted networks. If a network can't be trusted, then it doesn't make sense to perform these high risk operations with them (from the perspective of ISA Server).

HTH,
Tom

(in reply to palindroem)
Post #: 2
RE: LAT issue or not? - 24.Feb.2003 3:27:00 PM   
palindroem

 

Posts: 40
Joined: 14.Aug.2002
From: N. Fla
Status: offline
OK, since this remote network IS actually part of the trusted network, what would happen if I included its addresses in the LAT?

(in reply to palindroem)
Post #: 3
RE: LAT issue or not? - 24.Feb.2003 8:47:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Droem,

If the hosts are in the LAT, then the ISA Server won't apply policy. However, that won't fix any NAT related issues you have [Wink]

HTH,
Tom

(in reply to palindroem)
Post #: 4
