• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

PDC Behind ISA Need to Access Email Server OutSide

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> PDC Behind ISA Need to Access Email Server OutSide Page: [1]
Login
Message << Older Topic   Newer Topic >>
PDC Behind ISA Need to Access Email Server OutSide - 11.Apr.2002 7:35:00 AM   
PingMonster

 

Posts: 45
Joined: 10.Mar.2002
Status: offline
I have PDC behind ISA and this PDC need to send and receive email through outside email server (UNI Campuse).
Installing Firewall client on PDC seem to fix this problem but it is dog slow to boot up.
PDC is pointing to ISA as gateway (SecureNet)
and I don't have internal DNS server so PDC does not point to any DNS.

I found in ISA session that PDC SYSTEM is connecting as Firewall session.

What da hell am I doing wrong?

"[Mad]"
Post #: 1
RE: PDC Behind ISA Need to Access Email Server OutSide - 13.Apr.2002 4:56:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi PingMonster,

no internal DNS server?!? [Eek!]

I would *not* install the Firewall client on a PDC. Make sure the PDC is a SecureNAT client and define your ISP DNS server in the interface TCP/IP properties.

Next, create the necessary protocol rules for POP3/SMTP/DNS and make sure you have a proper site&content rule in place. If you want, you can restrict those protocols to a particular client address set who contains your PDC.

HTH,
Stefaan

(in reply to PingMonster)
Post #: 2
RE: PDC Behind ISA Need to Access Email Server OutSide - 16.Apr.2002 3:31:00 AM   
PingMonster

 

Posts: 45
Joined: 10.Mar.2002
Status: offline
Thanks Spouseele

May be I did not explain clearly enough.
We are in University situation. (Virtual Land)
There is a main DNS server within university which is outside of ISA Server.
And our computer LAB is behind ISA.
The bad thing is we are not allowed have our own DNS server.
Is there a downside not having internal DNS, even just as forwarder?

At the moment I just have it as open access and open protocols with default packetfilter and still cannot access the email server in the University without firewall client installed.

Of cause I have it as secureNET client.

(in reply to PingMonster)
Post #: 3
RE: PDC Behind ISA Need to Access Email Server OutSide - 16.Apr.2002 11:28:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi PingMonster,

ISA is highly depending on a solid DNS infrastructure. You can perfectly setup an *internal* DNS server and use the main DNS server within the university as forwarder. The internal DNS server will only be authoritative for your lab environment.

If you said it worked with the firewall client, is the University DNS server set at ISA? Probably yes! That could be the reason it works. If the Firewall client has no DNS settings, then ISA will performe the DNS lookup on behalf of the Firewall client. This is not the case for a SecureNAT client! So, a workaround could be to define the University DNS server in the TCP/IP properties of the SecureNAT client.

Check out:
- http://www.isaserver.org/authors/harrison/tutoials/isa-clients-part1.htm
- http://www.isaserver.org/authors/harrison/tutoials/isa-clients-part2.htm
- http://www.isaserver.org/authors/harrison/tutoials/isa-clients-part3.htm

HTH,
Stefaan

(in reply to PingMonster)
Post #: 4
RE: PDC Behind ISA Need to Access Email Server OutSide - 18.Apr.2002 12:49:00 AM   
PingMonster

 

Posts: 45
Joined: 10.Mar.2002
Status: offline
Thanks Stefaan

Like I said "We are not allowed to have DNS server" in our domain.
I think the Firewall client is the only way.

Why is it everyone saying "DONOT INSTALL" Firewall client on PDC or BDC?

(in reply to PingMonster)
Post #: 5
RE: PDC Behind ISA Need to Access Email Server OutSide - 18.Apr.2002 6:14:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Stefaan,

I agree! Never put the Firewall client on a DC [Eek!]

SecureNAT clients should work fine in such an environment. But there no reason why you can't set up your own DNS server in the Lab. Its not like you're setting up a rogue DCHP server or anything like that. [Big Grin]

HTH<
Tom

(in reply to PingMonster)
Post #: 6
RE: PDC Behind ISA Need to Access Email Server OutSide - 18.Apr.2002 10:37:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi PingMonster,

I can only say: re-read my previous post. Have you already tried the workaround?

HTH,
Stefaan

(in reply to PingMonster)
Post #: 7
RE: PDC Behind ISA Need to Access Email Server OutSide - 19.Apr.2002 2:27:00 AM   
PingMonster

 

Posts: 45
Joined: 10.Mar.2002
Status: offline
Thanks Tom and Stefaan

I know it is sad that we cannot have our own DNS but think of all other faculties having their own DNS and not to mention unauthorised name records and supports. That's why they won't allow us to have one. [Frown]

Yes, Stefaan
I did tried the workaround still does not work with just the SecureNET, WebProxy and UNI DNS.
(Just not enought power captain! She needs firewall client)

(in reply to PingMonster)
Post #: 8
RE: PDC Behind ISA Need to Access Email Server OutSide - 19.Apr.2002 5:31:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi PingMonster,

I really don't understand your problem.

If a SecureNAT client is setup correctly, you should *not* have any problems to send and receive email through outside email server.

Check out again http://www.isaserver.org/authors/harrison/tutoials/isa-clients-part2.htm .

HTH,
Stefaan

(in reply to PingMonster)
Post #: 9

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> PDC Behind ISA Need to Access Email Server OutSide Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts