Re: ISA Not Allowing Sites by IP

From: "Phillip Windell" <philwindell@xxxxxxxxxxx>
Date: Wed, 13 Feb 2008 13:16:44 -0600

"Michael" <michael@xxxxxxxxxx> wrote in message
news:B7747E98-97B0-4F87-9228-77335FB53041@xxxxxxxxxxxxxxxx

I know that the creating of DNS Entries is not a solution as the sites
listed by IP are not
internal to my company. The sites are hosted at client sites, but the
client is connected to
use via VPN Tunnel.
Example:
My Company (comp1.corp.com) <--vpn tunnel--> Client (comp2.corp.net)

That doesn't matter. You can still do it with DNS. You just create a "fake"
Host Records in your DNS in your own Zone for them and give the records the
correct IP#s.

in Zone: CORP.COM
(A Rec) "fakename1" <IP#1>
(A Rec) "fakename2" <IP#1>
(A Rec) "fakename3" <IP#1>
(A Rec) "fakename4" <IP#1>

Resolves to correct IP# by using:
http://fakename1.corp.com
http://fakename2.corp.com
http://fakename3.corp.com
http://fakename4.corp.com

You can also do it with WINS. The URL would just be a single machine name
(WINS name) with no "dots".

Static entry: "fakename1" <IP#1>
Static entry: "fakename2" <IP#1>
Static entry: "fakename3" <IP#1>
Static entry: "fakename4" <IP#1>

Resolves to correct IP# by using:
http://fakename1
http://fakename2
http://fakename3
http://fakename4

DNS is not an option as I have very many clients,

That doesn't matter.

and also a site that should be resolved SITE1.COMP2.CORP.NET would really
be
resolving as SITE1.COMP1.CORP.COM.

No they wouldn't. They would resolve to:

http://fakename1.corp.com
http://fakename2.corp.com
http://fakename3.corp.com
http://fakename4.corp.com

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------

.

References:
- ISA Not Allowing Sites by IP
  - From: Michael
- Re: ISA Not Allowing Sites by IP
  - From: Michael

Prev by Date: Re: ISAPI - Knowing if rule accepted or deny the request on POLICY_CHECK_COMPLETED
Next by Date: Re: ISAPI - Knowing if rule accepted or deny the request on POLICY_CHECK_COMPLETED
Previous by thread: Re: ISA Not Allowing Sites by IP
Next by thread: SSL-Tunnel blocked?
Index(es):
- Date
- Thread

Relevant Pages

Frontpage Extensions on dynamic DNS server
... Are the LAN addresses private? ... gets the 'real' internet IP address from your dynamic ... On your client PC you could add in the ... resolves internally. ...
(microsoft.public.inetserver.iis)
Re: RWW Disconnecting
... I understand that remote client encounts following error message when RWW ... I strongly suggest that we rerun the Configure E-mail and Internet ... 825763 How to configure Internet access in Windows Small Business Server ...
(microsoft.public.windows.server.sbs)
RE: Internet Printing
... that the option "Connect" is missing no matter the client is from internal ... it appears that IIS Internet Printing on Windows Server 2003 is ... To verify, install IIS ...
(microsoft.public.windows.server.sbs)
Re: RWW Disconnecting
... I have been connected from a remote site for about 3 ... DHCP server and even a wireless access ... the key codes to for Internet access. ... Client Workstations} ...
(microsoft.public.windows.server.sbs)
RE: RWW not accessible over web
... Can the client access Internet web sites when you ... Extract all files to a folder on ISA server. ... 'Microsoft Firewall' service. ...
(microsoft.public.windows.server.sbs)