Re: ISA 2004 Site-to-Site VPN / SecureNAT / Web Proxy Question/Problem
- From: "Aprazeth" <aprazeth-at-majooraap.com@xxxxxxxxx>
- Date: Sun, 10 Dec 2006 14:35:20 +0100
In the publishing rule there is a tab allowing you to set the option whether or not the request appears to come from the client or the ISA 2004 Server. It seems that this is set at the ISA 2004 IP.
Hope this helps :)
"Phillip Windell" <@.> wrote in message news:egPsI1uGHHA.1248@xxxxxxxxxxxxxxxxxxxxxxx
Ok,.
I don't know then. We'll have to see if any of the other guys here have any ideas.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
The views expressed are my own (as annoying as they are), and not those of my employer or anyone else associated with me.
"Michael Shannon" <Miek@xxxxxxxxxxxxxxxxx> wrote in message news:%237HWX5kGHHA.3304@xxxxxxxxxxxxxxxxxxxxxxxI do have the web page published through a rule, but its bound only to the "External" network and its set to send the client IP not the ISA server IP...
-Michael
"Phillip Windell" <@.> wrote in message news:eUBpRjhGHHA.3616@xxxxxxxxxxxxxxxxxxxxxxx"Michael Shannon" <Miek@xxxxxxxxxxxxxxxxx> wrote in message news:%23MNsKqXGHHA.1188@xxxxxxxxxxxxxxxxxxxxxxxEverything "seems" to be working (i can ping, email, file sharing, etc) except for one thing. When I connect to a web site hosted in the Main Office from the Remote Office I can connect BUT IIS is seeing the IP address of the ISA server not the remote client. This is causing issues becuase this site in particular is for Citrix and its causing issues with Citrix's NAT mapping.
Looking at the ISA monitoring it seems that folks coming through the VPN are being marked as SecureNAT and WebProxy (when using IE). The Network Rule is set to "Routed", so why is it using SecureNAT and WebProxy....
The site is Published with ISA (?) and you have the Listener listening on all networks instead of just one particular IP on the External Nic like it should be? So the user's request is "caught" by the Listener and run through the Publishing Rule which has been set to show as comming from the ISA instead of the user. These users should not be going through a Publsihing Rule.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
The views expressed are my own (as annoying as they are), and not those of my employer or anyone else associated with me.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
-----------------------------------------------------
- Follow-Ups:
- Re: ISA 2004 Site-to-Site VPN / SecureNAT / Web Proxy Question/Problem
- From: Michael Shannon
- Re: ISA 2004 Site-to-Site VPN / SecureNAT / Web Proxy Question/Problem
- References:
- ISA 2004 Site-to-Site VPN / SecureNAT / Web Proxy Question/Problem
- From: Michael Shannon
- Re: ISA 2004 Site-to-Site VPN / SecureNAT / Web Proxy Question/Problem
- From: Michael Shannon
- ISA 2004 Site-to-Site VPN / SecureNAT / Web Proxy Question/Problem
- Prev by Date: Upgraded to ISA 2006 from ISA 2004, now Office communicator no longer worsk
- Next by Date: Re: Firewall Client : many questions
- Previous by thread: Re: ISA 2004 Site-to-Site VPN / SecureNAT / Web Proxy Question/Problem
- Next by thread: Re: ISA 2004 Site-to-Site VPN / SecureNAT / Web Proxy Question/Problem
- Index(es):
Relevant Pages
|
