Announcement

Collapse
No announcement yet.

ISA as router

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • ISA as router

    We currently have a ISA 2000 setup that acts as a proxy for the site, and we can use it as a router to bypass the proxy for the support staff.

    However we are moving to ISA 2006, I have it all setup and running, and works a treat as a proxy server, however when try and route through it it does not work.

    We have created a firewall policy for the support PCs to go straight out to the External network. However this does not work and shows as Connect Denied in the logging view.

    Any suggestions on how to get round this?

    Thanks

    Dave

  • #2
    Re: ISA as router

    Can you explain a bit more?
    ISA 2006 is a firewall and you should act on it as a firewall unless you set it up as a proxy (with one nic)
    I see no reason why any support staff should bypass the firewall.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: ISA as router

      ISA 2000 Setup

      Client PC has a DG of 10.99.61.100 which is the layer 3 and forwards the traffic to 10.99.61.52 which is the ISA 2000 server and the proxy server of inet.ourdomain.co.uk

      The support staff DG is 10.99.61.52 which allows us to access the internet without being proxied or filtered.

      This works with no problem.

      ISA 2006

      Testing the new ISA server, the test clients have a DG of 10.99.61.53 for testing, this will be changed to 10.99.61.100 and the route changed on the layer 3. And a proxy server of inet1.ourdomain.co.uk, this works as intended.

      The test machine in the support section have the default gateway of 10.99.61.53 and no proxy server specified.

      However when I try to access the internet through the DG I get a Denied COnnection in the Logging view, but if I tell my browser to use the proxy server there is no problem connecting.

      Support need to be able to bypass the proxy part of the ISA server as we need access to other sites that is blocked

      Thanks

      Dave

      Comment


      • #4
        Re: ISA as router

        Originally posted by Dave_Lincs View Post
        Support need to be able to bypass the proxy part of the ISA server as we need access to other sites that is blocked

        Dave
        How have you blocked the websites and how did you setup the ISA server, proxy mode or firewall mode?
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: ISA as router

          We have not blocked any websites. It is setup as an Edge Firewall / Proxy it works fine when you are proxying through it, but not when you try and bypass the proxy part

          Comment


          • #6
            Re: ISA as router

            but you just said some sites are blocked????
            Originally posted by Dave_Lincs View Post
            Support need to be able to bypass the proxy part of the ISA server as we need access to other sites that is blocked

            I really think you should know what a firewall does. I don't understand what your problem is.
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment

            Working...
            X