Re: ISA Not Allowing Sites by IP

From: "Michael" <michael@xxxxxxxxxx>
Date: Wed, 13 Feb 2008 12:55:24 -0600

Thank you for your help and suggestions, I will have to read the articles you posted and see if I can work the issue out from them.

I know that the creating of DNS Entries is not a solution as the sites listed by IP are not internal to my company. The sites are hosted at client sites, but the client is connected to use via VPN Tunnel.

Example:
My Company (comp1.corp.com) <--vpn tunnel--> Client (comp2.corp.net)

I am connecting on my side with IE to their side via IP in IE.

DNS is not an option as I have very many clients, and also a site that should be resolved SITE1.COMP2.CORP.NET would really be resolving as SITE1.COMP1.CORP.COM.

- Michael

"Michael" <michael@xxxxxxxxxx> wrote in message news:9081BE5D-991D-47FA-BA7F-9A6A055B5C7E@xxxxxxxxxxxxxxxx

How ISA is Used:
I am using ISA 2006 Standard just a Web Proxy. Within it I have have 2 URL
Sets created (Allowed Sites and Blocked Sites). I have 3 tiers of users:
1. Limited -Can only access the sites in the Allowed List
2. Standard - Can Access all sites except the Blocked Sites Lists
3. VIP - Can Access anything.

Issue I am Having:
My Company works with mant clients and we create VPN Tunnel from us to them
through our networking equipment and we have to access sites on their
network. Some of these sites are set by IP and not a Public Host Name
(Example: http://123.45.67.8). What is happening is that if I have that IP
in my URL Set "Allow List", no matter of someones tier, the site is being
blocked or not resolved and is failing.

If I set my Browser to "By Pass" the Proxy, the site works without problem.

The other part I am notice is if I create and random name in DNS that points
the the Failing IP, and then change the IP in the link to the HOST/DNS name
I created. The site works.

So what it looks like to me is ISA is trying to resolve IP's as a Host
within my internal DNS.

Has anyone see or had this issue and if so what can be down about this.

Thank you,
Michael

Follow-Ups:
- Re: ISA Not Allowing Sites by IP
  - From: Phillip Windell

References:
- ISA Not Allowing Sites by IP
  - From: Michael

Prev by Date: Re: ISAPI - Knowing if rule accepted or deny the request on POLICY_CHECK_COMPLETED
Next by Date: Re: ISAPI - Knowing if rule accepted or deny the request on POLICY_CHECK_COMPLETED
Previous by thread: Re: ISA Not Allowing Sites by IP
Next by thread: Re: ISA Not Allowing Sites by IP
Index(es):
- Date
- Thread

Relevant Pages

Re: How to Enable DHCP Domain Name Completion in Windows 2003 Clients?
... domain name completion lists in the TCP/IP configuration to ... At this time Win2k3 DHCP cannot assign a DNS suffix search list. ... you can assign only one DNS suffix per client. ... There is a GPO that assigns a custom DNS suffix search list to XP and Win2k3 ...
(microsoft.public.windows.server.dns)
Re: Dynamic DNS (Netmask Ordering)
... example.domainname.com using the subnet the computer is on. ... Assuming you are resolving the same name there is NO ... Ping uses Hosts file then DNS so if DNS resolution is used ... Qualified names the client software actually requests. ...
(microsoft.public.win2000.dns)
Re: Clients cannot find sharepoint
... The client machines had an entry in the append DNS ... Get ipconfig/all result on SBS and client computer. ... This newsgroup only focuses on SBS technical issues. ...
(microsoft.public.windows.server.sbs)
Re: Internet Speed
... I think what we are trying to say is to use the DHCP from the SBS and NOT ... DNS and WINS point to the SBS. ... as the server IP address. ... it is recommend to configure all SBS client computers' IP and DNS ...
(microsoft.public.windows.server.sbs)
Re: GPO problems
... It was the ISA 2004 firewall client. ... DNS settings and network properties on the server and client computers. ... > Service of SBS is configured to be the DNS server on the problematic ...
(microsoft.public.windows.server.sbs)