Re: SNAT

From: Bob Genestet (bob_genestet_at_computernetorkservice.com)
Date: 07/14/04


Date: Wed, 14 Jul 2004 13:25:51 -0500

Thanks to all of you who replied to my post. I have read through your posts
and as soon as my head quits hurting from brain information overload, I will
need to read them at least 10 more times to fully comprehend what was said.
I believe the answer lies somewhere in the replies you have given. I will
continue to experiment with ISA and also take a look at the new 2004
version.

Bob Genestet

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
Cheers,
Bob Genestet
"A Klimkin" <aklimkin at mail dot ru> wrote in message
news:eD%23MnOaaEHA.3524@TK2MSFTNGP12.phx.gbl...
> First of all, I'd say that until now I haven't faced a situation where double
> NATing could cause any problems with outbound/inbound internet access. Yes,
> there might be some configuration overhead, but not a problem that would
> be impossible to resolve.
> Regarding the NATting itself... ISA2K always performs NAT between the LAT and
> the rest of the interfaces when it works in firewall or integrated mode.
> If you really believe that double NATing is your key problem, you have got
> the following options:
> 1. Get rid of your external NAT box. In the 'complexity vs security' battle
> the complexity always wins. So you have got a continuous configuration
> headache instead of enhanced security.
> 2. Choose the upcoming ISA2K4 as your firewall solution. One of its key
> benefits is the ability to choose NAT or routing relations between any pair of
> networks it serves. But it's still better to take away the external NAT box,
> while it's completely useless when putting it in front of an ISA firewall,
> particularly ISA2K4.
> 3. Clear the default gateway property in the clients' IP configuration, thus
> making them not be SNAT clients. To grant internet access to those
> computers you have to make them either firewall or webproxy clients. For
> access to the HTTP and FTP protocols, being a webproxy client is fair enough.
> For support of the rest of the internet protocols, like SMTP, POP3, etc., you
> should install the firewall client software. If the goal is to have all your
> clients' internet activity authenticated and recorded in the log files, it's
> *obligatory* to configure the LAN computers to be firewall and web
> proxy clients at the same time.
>
> Regards,
> Andrew
> "Bob Genestet" <bob_genestet@computernetorkservice.com> wrote in message
> news:eF2WYZRaEHA.972@TK2MSFTNGP12.phx.gbl...
> Can Secure NAT be disabled in ISA 2000? If so, how? I am already NATed by my
> firewall and the second NAT causes problems with some of my software. ISA is
> installed in Integrated mode with 2 NICs.
>
> Thanks,
> Bob Genestet
>
> -- 
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> Cheers,
> Bob Genestet

