Re: using my ISA for some routing
- From: "Phillip Windell" <philwindell@xxxxxxxxxxx>
- Date: Mon, 21 Apr 2008 09:33:21 -0500
"Alex" <nospam@xxxxxxxxx> wrote in message
news:%23OrinB6oIHA.5836@xxxxxxxxxxxxxxxxxxxxxxx
Currently my user's default gateway is my WAN router and for access to the
itnernet they're using my ISA 2006 server as a proxy server by specifying it
in Internet Explorers proxy settings (done by GPO).
GPO for this is a bad deal. It cannot properly handle machines that
travel,..like laptops.
I'd like to move away from using the proxy settings (for various reasons)
and set my ISA 2006 server as the users default gateway so they have
direct internet access, however I still need them to access machines in
other offices over the WAN ...
I don't know why you would want to go "backwards" in security and control.
SecureNAT Clients cannot authenticate, therefore all Access Rules must be
anonymous.
I don't really want to fiddle and add manual routing entries for every
user, so is it possible to tell ISA 2006 server that when it see's traffic
for ip addresses ranges that match my other offices (they are defined as
internal) to pass it onto to my WAN router and what sort of area of ISA
2006 should I be looking to implement this?
Impossible to answer. SecureNAT functionality is based on the LAN's Routing
Scheme (I should say the *correctness* of it),...it is not based on making
the ISA the Default Gateway of Clients,...that is only in "simple"
single-subnet LANs.
Requires 2 things:
1. I need to know and understand the LAN's Routing Scheme
2. You need to be willing to change the Routing Scheme if it is not optimal.
Or...
Forget the whole SecureNAT, Configure the LAN for Proxy Auto-detection via
WPAD and install the Firewall Client on the machines. This is the best
option, the most flexable, requires no topology change, requires no routing
changes, and will automatically adjust for clients that travel.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx
Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
.
- Follow-Ups:
- Re: using my ISA for some routing
- From: Alex
- Re: using my ISA for some routing
- References:
- using my ISA for some routing
- From: Alex
- using my ISA for some routing
- Prev by Date: Re: ISA Server and two internet connections
- Next by Date: Re: using my ISA for some routing
- Previous by thread: using my ISA for some routing
- Next by thread: Re: using my ISA for some routing
- Index(es):
Relevant Pages
|
Loading
