Re: No rule application !!!


It's because the ISA interface of the PIX belongs to the VPN network, so the
security level is lower than that of my internal networks. What I just want to
do is to allow some users using fw client authentication on the 'B' network to
reach resources on the 'C' network, which represents multiple sub-networks. The
servers on the 'B' one are Terminal Servers; that's the reason why, depending on
who is connected to them, I create rules according to the username to get remote
access to some IP addresses on the 'C' network. But I have raised my issue with
HP and Microsoft and they didn't know why it doesn't work, so I believe ISA has
got a BUG.
Let me just explain the situation to you again: in order to check the
communication with the real IP addresses on each PC from 'C', I want to
ping 'B'. I allow ICMP on ISA from 'B' to 'C' and 'C' to 'B'. I see packets on
the ISA server coming from 'C' with the same IP address, but no rule is
applied and I have denied connections.

Thanks

"Phillip Windell" wrote:

> None of that makes any sense to me.
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
> "Yann" <Yann@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:9FB63518-07B3-41E6-9504-832A26202809@xxxxxxxxxxxxxxxx
> > I think it's not what I meant. I use the PIX to do NAT on the same IP address
> > and the ISA to route the network coming from the PIX.
> > It means:
> >
> > Internal Network --> PIX "NAT" --> ISA --> Server to reach
> > ------'C'----------- --> ----------'A'----> -----------'B'-----------
> > and 'C' to 'B' doesn't work !!!
> >
> > Thx
> >
> > "Phillip Windell" wrote:
> >
> > > You are trying to use the PIX and the ISA as if they were LAN Routers.
> > > They are not LAN Routers,...forget it.
> > >
> > > You would have to replace both the ISA and the PIX with a LAN Router. All
> > > three networks would have to run compatible addressing, probably RFC
> > > Private, and all three networks would be "equal" and "trusted".
> > >
> > > The ISA, or PIX, or both,...would go at the "network edge" where it meets
> > > the Internet and would have nothing to do with the three LAN Segments
> > > communicating with each other.
> > >
> > > --
> > > Phillip Windell [MCP, MVP, CCNA]
> > > www.wandtv.com
> > > -----------------------------------------------------
> > > Understanding the ISA 2004 Access Rule Processing
> > > http://www.isaserver.org/articles/ISA2004_AccessRules.html
> > >
> > > Microsoft Internet Security & Acceleration Server: Guidance
> > > http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
> > > http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
> > >
> > > Microsoft Internet Security & Acceleration Server: Partners
> > > http://www.microsoft.com/isaserver/partners/default.asp
> > >
> > > Deployment Guidelines for ISA Server 2004 Enterprise Edition
> > > http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
> > > -----------------------------------------------------
> > >
> > >
> > >
> > > "Yann" <Yann@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > > news:34C90BB8-4E6A-42AC-8EB8-D547B1156620@xxxxxxxxxxxxxxxx
> > > > Hello all,
> > > >
> > > > I have a little issue with ISA Server. My topology is the following: ISA
> > > > Server with 2 NICs, one on network 'A' and one on network 'B'. I have a third
> > > > network behind a PIX 525, which I will call network 'C', and the PIX is on the
> > > > network 'A' too.
> > > > What I can't do is to ping a server in network 'B' from network 'C'. I
> > > > checked all my networks defined on ISA, so network 'C' to network 'B' is routed
> > > > by ISA. I also checked all the ISA policies, so all outbound traffic from
> > > > network 'C' to network 'B', the same from 'B' to 'C'. So when I ping I see
> > > > traffic coming from 'C' to 'B' with denied connection, and in the rule column
> > > > I don't see anything applied. I thought the default rule was at least applied,
> > > > but nothing.
> > > > Additionally, the 'C' network coming from the PIX is translated as 'C' on
> > > > the 'A' network.
> > > > Many thanks for your help.
> > > >
> > > >
> > >
> > >
> > >
>
>
>