Re: ISA 2004 Cache


From: Phillip Windell (_at_.)
Date: 03/15/05


Date: Tue, 15 Mar 2005 13:03:39 -0600

If you are doing that in a Web browser there are problems interpreting the IP#
as a real IP#. It goes like this:

1. The URL is assumed to use a Name (not an IP#)

2. If the Name is a single one-word Name,.. it is assumed to be a Netbios
Name and is assumed to be Local (inside). The name is resolved to an IP#
via WINS or Netbios broadcasts and the IP# is verified to be part of the
internal Network, then you access it directly and the ISA does not get in
the way.

3. If the name has "dots" in it, it is assumed to be a FQDN. All FQDNs are
assumed to be out on the Internet unless they are contained in the LDT (not
LAT) if you run ISA2000, ISA2004 doesn't have a LDT or LAT but uses the
"Network Configuration" for the same purpose. If the FQDN is established as
local, in the LDT on 2000 (or the counterpart in 2004) then it is resolved
by your local DNS and ISA doesn't get in the way.

Problem. The IP# has..., guess what,..."dots". So it gets improperly
interpreted as a FQDN and it is attempted to be resolved by DNS. It will
fail because there is no such FQDN as "172.18.5.54". So to work around this
you must place the "172.18.5.54" in the LDT (that is L*D*T not LAT) if you
run ISA2000,...or whatever the counterpart to that is with ISA2004. Now ISA
will leave it alone and you will go directly to the Server as you are
supposed to do.

I have only verified this to be an issue with ISA2000,...we do not run
ISA2004 so I don't know about it. However it may also be an issue with IE,
but I just am not real sure where the problem really stems from,...I only
know how to get around it.

-- 
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
"Gabe Matteson" <gmatteson@inquery.biz.nospam> wrote in message
news:Or6Ex0YKFHA.2396@TK2MSFTNGP12.phx.gbl...
> I thought by default the internal network bypassed the firewall so that
> traffic did not loop back. The problem that I am having is when a user goes
> to let's say 172.18.5.54, they can't because ISA doesn't allow them. I add
> the ip to the domains tab in the web proxy config for the internal network
> and they can access it... Any ideas? Thanks.
> - Gabe
>
>
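
The decision steps described in the reply above, modelled as an added example that is not part of the original post and is not ISA or browser code. The names `routeAsDescribed`, `routeWithIpCheck`, `localDomainTable` and `internalCidrs`, and the sample entry `*.corp.example`, are hypothetical; the second function goes beyond the post by recognising IPv4 literals before the dot test.

```javascript
// Illustrative model only. localDomainTable stands in for the LDT on ISA 2000
// (or its ISA 2004 counterpart); the WINS/broadcast resolution in step 2 is not modelled.
function inLocalTable(host, localDomainTable) {
  const h = host.toLowerCase();
  return localDomainTable.some((entry) => {
    const e = entry.toLowerCase();
    // "*.corp.example" matches any host under that suffix; otherwise exact match.
    return e.startsWith("*.") ? h.endsWith(e.slice(1)) : h === e;
  });
}

// Steps 1-3 as described: the host is always treated as a name.
function routeAsDescribed(host, localDomainTable) {
  if (!host.includes(".")) return "direct"; // step 2: single-label, assumed local
  // Step 3: anything with dots is an FQDN, external unless listed as local.
  return inLocalTable(host, localDomainTable) ? "direct" : "proxy";
}

// Parse a dotted-quad IPv4 literal to a number, or return null if it is not one.
function parseIPv4(host) {
  const parts = host.split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// True when the numeric address falls inside the CIDR block (e.g. "172.16.0.0/12").
function inCidr(ip, cidr) {
  const [base, bits] = cidr.split("/");
  const size = 2 ** (32 - Number(bits));
  const start = parseIPv4(base);
  const network = start - (start % size);
  return ip >= network && ip < network + size;
}

// Variant: classify IP literals by address range before applying the name rules.
function routeWithIpCheck(host, localDomainTable, internalCidrs) {
  const ip = parseIPv4(host);
  if (ip !== null) return internalCidrs.some((c) => inCidr(ip, c)) ? "direct" : "proxy";
  return routeAsDescribed(host, localDomainTable);
}
```

With the constructed table `["*.corp.example"]`, `routeAsDescribed("172.18.5.54", ...)` returns `"proxy"`, which is the behaviour the post describes; adding the address to the table, or using the range check with `172.16.0.0/12`, returns `"direct"`.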

