Re: Original IP address to a web server and CISCO VPN

"News Microsoft" <dabella@xxxxxxxxxxxxxxx> wrote in message
news:ur880b9rFHA.1204@xxxxxxxxxxxxxxxxxxxxxxx
> Hi guys, we have 2 problems with ISA Server 2000
>
> 1) We need to deliver the original IP address of the pc that is
> originating a web request on the public network to the web server inside
> the private network.
> We try this marking the "Send original host header" but it don't work.

The "Send original host header" does not have anything to do with the IP
address, it refers to the name entered in the browser when connecting to a
web site and is used to distinguish between multiple sites hosted on the
same server - at the same IP address, that is.

Your problem does not have a solution in ISA2000, because web publishing
rules are processed by the web proxy service which will ALWAYS replace the
client's IP with the firewall IP (that is how a proxy works). In ISA2004
there is a new feature that does exactly that, ISA2000 however doesn't have
it.

Your only option if you absolutely want to have the client's IP address is
to publish the web server through a server publishing rule, instead of a web
proxy rule. That has the disadvantage that you lose the content inspection
capabilities offered by the web proxy service/rules. If that doesn't bother
you then you can disable the current web proxy rule and create a server
publishing rule instead. Also depending on your configuration you might have
to fiddle with a registry setting as described in this article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;311777

The article deals with the exact opposite situation, but can be applied to
your case as well - just make that registry setting "0" instead of "1".


> 2) We need to stablish a CISCO VPN thought ISA Server, we tryed Q812076,
> the connection is stablished but there is not data traffic.

Are you sure your Cisco VPN appliance/concentrator is compatible and
configured with transparent tunneling using UDP port 10000? That is the only
way you will be able to pass the VPN traffic through ISA. Also the VPN
client has to be configured that way.

Virgil


.

Relevant Pages

  • Re: Best Practice for Using MVPS HOSTS File on ISA Server?
    ... Now when a web proxy user connects to ... the connection attempts to 127.0.0.1 are being ... I'm not keen on running a web server on the ISA Server to serve ...
    (microsoft.public.isa)
  • Re: Port 80 and 443 to specific web sites
    ... The agent on the clients where the firewall client is loaded are not. ... The ISA Server is preventing the agent loaded on the clients from accessing ... I am getting " access to the Web Proxy service is denied." ...
    (microsoft.public.isa.configuration)
  • Re: Event 26. Your computer may be infected.
    ... The DC is our server-side antivirus control system. ... see the traffic pattern issue because the receiving server is running backup ... My biggest concern is that I can't find any evidence to show where the ... The message and event lead me to believe that its a message originating ...
    (microsoft.public.win2000.security)
  • ISA Server Problems, please help
    ... I am having lots of problems with ISA 2000 server. ... Event Source: Microsoft Web Proxy ... ISA Server detected a proxy chain loop. ... Upstream chaning credentials are invalid ...
    (microsoft.public.windows.server.sbs)
  • Re: Unexplain-able Undeliverable messages being generated
    ... Tracking the message with Message tracking will reveal where it originated ... these show that behavior they are originating from the internet. ... If the first place you are seeing them appear is an internal Exchange server ...
    (microsoft.public.exchange2000.general)