Re: ISA 2004 Site-to-Site VPN / SecureNAT / Web Proxy Question/Problem

I do have the web page published through a rule, but its bound only to the
"External" network and its set to send the client IP not the ISA server
IP...

-Michael



"Phillip Windell" <@.> wrote in message
news:eUBpRjhGHHA.3616@xxxxxxxxxxxxxxxxxxxxxxx
"Michael Shannon" <Miek@xxxxxxxxxxxxxxxxx> wrote in message
news:%23MNsKqXGHHA.1188@xxxxxxxxxxxxxxxxxxxxxxx
Everything "seems" to be working (i can ping, email, file sharing, etc)
except for one thing. When I connect to a web site hosted in the Main
Office from the Remote Office I can connect BUT IIS is seeing the IP
address of the ISA server not the remote client. This is causing issues
becuase this site in particular is for Citrix and its causing issues with
Citrix's NAT mapping.

Looking at the ISA monitoring it seems that folks coming through the VPN
are being marked as SecureNAT and WebProxy (when using IE). The Network
Rule is set to "Routed", so why is it using SecureNAT and WebProxy....

The site is Published with ISA (?) and you have the Listener listening on
all networks instead of just one particular IP on the External Nic like it
should be? So the user's request is "caught" by the Listener and run
through the Publishing Rule which has been set to show as comming from the
ISA instead of the user. These users should not be going through a
Publsihing Rule.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed are my own (as annoying as they are), and not those of
my employer or anyone else associated with me.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
-----------------------------------------------------






.

Relevant Pages

  • Re: adding a route to the client
    ... If you disable "use gateway on remote network" then the client will only be ... Troubleshooting Client Authentication on Access Rules in ISA Server 2004http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d- ... ...
    (microsoft.public.isa.vpn)
  • Re: IE 6 and Proxy Setting Exceptions
    ... Enter those address's in the internal network object on the tab where you ... entered or entered through a gpo will be removed by the script. ... Firewall Client installed. ... On the ISA server the config set for the ...
    (microsoft.public.isa)
  • VPN & SBS2003+Win2003Server/ISA Server
    ... I'm trying to set up my VPN on my SBS 2003 network ... * SBS 2003 PDC Server (Not running ISA Server) ... Note Internet works fine, and there is no firewall on the ADSL Router ... * Making a remote connection disk and installing it on the client PC ...
    (microsoft.public.windows.server.sbs)
  • Re: adding a route to the client
    ... Enable "use gateway on remote network" in the Dialup Connectiod. ... If you disable "use gateway on remote network" then the client will only be ... Microsoft ISA Server Partners: Partner Hardware Solutions ...
    (microsoft.public.isa.vpn)
  • Problems setting up VPN & ISA2000/SBS2003
    ... I'm trying to set up my VPN on my SBS 2003 network ... * SBS 2003 PDC Server (Not running ISA Server) ... * Making a remote connection disk and installing it on the client PC ...
    (microsoft.public.isa)