Re: ISA direct access configuration

Tech-Archive recommends: Speed Up your PC by fixing your registry

Hi,

Thanks for the reply. The users can access fine when just entering the
netbios name or the internal name like http://myserver.mydomain.local.
However, to avoid confusing with our 1200 users we need ONE name for
accessing both internally and externally(from home). I have setup my internal
DNS correctly and it forwards to my ISP's DNS. However the external name
currently used is an Alias on my ISP's DNS to point to my external NIC on my
ISA server. It is published in my ISA server as a website and works fine from
accessing at home.

I did find the Domain Name Set and the Url set as well as the Caching Rules.
I created a caching rule for http://myorg.mydomain.ca/* in both the Domain
Name set as well as the URL set. However, it seems to still be caching. I
update the page and an hour later it still isn't updated if I enter
http://myorg.mydomain.ca but it is updated if I enter the internal
http://myserver.mydomain.local

The problem with adding a DNS entry on my internal DNS is the extension.
Internally, I use mydomain.local where as externally I use myorg.mydomain.ca
..On my internal DNS I cannot seem to add an Alias or a Host name with
anything but the mydomain.local extension so this is where I run into the
problem. Also I was under the impression that for Internet ISA bypasses
internal DNS anyway. At least Proxy 2.0 used to do that as I actually had a
root domain when running Proxy 2.0

With Proxy 2.0 I could also see all the files in the urlcache folder and
delete them if I wanted. I cannot seem to do this with ISA 2004 as it is one
file.

I am running Apache webserver on Windows 2000. My users update their sites
and need access to them immediately so if you have any other ideas that would
be great.

By the way, on MS Technet website I cannot actually make a "new" post
because the page is not found. Anyone else having this issue?

Thanks

Lara

"Phillip Windell" wrote:

> "lforbes" <lforbes@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:F6A721FA-21B2-4AD0-9043-37E08647B8FF@xxxxxxxxxxxxxxxx
>
> > We have caching rules with ISA 2004 but it doesn't let you put in specific
> > websites not to cache. These are actually "internal" websites but the
> users
> > are accessing them via their External DNS name (from our ISP) therefore
> they
> > are going out and then back in the ISA.
>
> The first problem is that you shouldn't go through the ISA for these sites
> to start with. You should configure you DNS to resolve those site(s) to the
> Internal IP# and then they would go to the sites directly. An even simpler
> solution is to access the sites by the Netbios Machine Names or the internal
> AD FQDN. All DNS request should go only to your internal DNS and never the
> ISP's DNS. Only your DNS Server itself should ever query the ISP's DNS by
> placing the ISP's DNS in the Forwarders List within the config of the DNS
> Service. The ISA needs an anonymous Access Rule to allow the AD/DNS to send
> queries to the ISP's DNS.
>
> As far as the "no-cache" thing, this is where it is done.
>
> 1. In the Network Objects create either a URL Set or a Domain Name Set
> (whichever fits best) that reflects the site(s) in question. (example: URL
> Set http://*.webex.com or Domain Name Set *.webex.com). You could even use
> Computers, Computer Sets, Address Ranges,...or whatever seems to work best.
>
> 2. Look futher down the ISA MMC Tree and find "Cache". Right-click on it and
> select New Cache Rule. Give it a useful name. On the Cache Rule
> Destination dialog add the Item (or Items) you created in #1 above. On the
> Content Retrieval dialog choose the first item. On the Cache Content dialog
> choose the first one "No content will ever be cached". Finish
>
> Don't forget to click "Apply" in the MMC
>
> I used WebEx as an example because it does in fact have problem with "web
> caching" and it should be exempted from caching if you ever do WebEx
> sessions.
>
> I don't use ISA2004, we still use ISA2000, so I have not done this in
> practice, I'd be intrested in knowing how it turned out if you follow that
> method.
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>
>
.

Relevant Pages

  • Re: Cannot connect to RWW from home PC
    ... DNS stuff says your mail server is responding with reply that is not MS ... When we setup this new SBS2003 setup we installed without ISA as it does ... not seeing any problems anywhere regards internet or email - we also run ...
    (microsoft.public.windows.server.sbs)
  • Re: Arghhh..... DNS and ISA :-0
    ... domain pointing to the external IP of your ISA server. ... www.yourcompany.com needs to resolve FROM OUTSIDE to the external IP of ISA. ... A lookup will be done by that site and if your DNS is working ... For your INTERNAL clients to be able to get on the Internet you need: ...
    (microsoft.public.isa)
  • Re: Cannot connect to RWW from home PC
    ... DNS stuff says your mail server is responding with reply that is not MS ... When we setup this new SBS2003 setup we installed without ISA as it does ... not seeing any problems anywhere regards internet or email - we also run ...
    (microsoft.public.windows.server.sbs)
  • Re: ISA 2004 behind PIX problems
    ... Looking hard at PIX configs and working on diagram. ... >> new machine will be the current address of single nic ISA. ... PIX is allowing DNS. ... DNS for the Internet typically comes from the ISP's DNS. ...
    (microsoft.public.isa.configuration)
  • Re: Arghhh..... DNS and ISA :-0
    ... A lookup will be done by that site and if your DNS is ... For your INTERNAL clients to be able to get on the Internet you need: ... the ISA web proxy service up and running ... my mail server etc. ...
    (microsoft.public.isa)