Re: Turn off firewall

From: Jim Harrison [MSFT] (jmharr_at_online.microsoft.com)
Date: 04/13/04


Date: Tue, 13 Apr 2004 15:09:13 -0700

The fact is, without using a NAT-T-compatible client and server, IPSec won't travel across any NAT device.
As far as "turning off" ISA features, you're stepping into the realm of "unsupported actions".
ISA will NAT all traffic to / from the LAT; there's no way to "disable" this without breaking your ISA installation.

-- 
 Jim Harrison [ISASE]
 Read the help, books and articles!
 This posting is provided "AS IS" with no warranties, and confers no rights.
"Jim Matthews" <jmweb_remove@comcast.net> wrote in message news:OtsOhDaIEHA.3240@TK2MSFTNGP12.phx.gbl...
Thanks for your reply
Well, for one thing, I cannot use an IPSEC client from behind it (We are the
client; our customer is the "server"), which ISA does not allow.
Another is - a few times we have had problems accessing web sites and such
on "non-standard" ports.
Both these items can be resolved by using static IP addresses, but I would
like to be able to use NAT.
Also, I want to keep my/Web publishing rules but just not restrict outbound
access under any circumstances.
I have added ALLOW ALL rules, to no avail
Thanks for any help
JM
"JOlson (TJMCG)" <jolson@tj-myers.com> wrote in message
news:2kbo70hr3vennfnti4d6unnidbfmgngu73@4ax.com...
> While I agree with Jim that you (should) NOT want to turn off ISA, to
> fill your need for info:
>
> There are two ways to approach this:
> - To "turn off" isa, you can uninstall it...
> - Or you can turn off the features one-by-one and then remove all the
> filters except to have an allow-all for each direction.
>
> While I haven't done this, nor would want to, it reasons that this
> should work. However, again, without doing so, I cannot be sure.
>
> Perhaps you can give us some great insight into why we (or at least
> you) would want to disable your firewall.
>
> Jason Olson
> Solutions Mgr
> www.tj-myers.com
> TJ-Myers Consulting Group
>
> On Tue, 13 Apr 2004 10:42:18 -0700, "Jim Harrison [MSFT]"
> <jmharr@online.microsoft.com> wrote:
>
> >You can't "turn off" ISA.
>

