Re: SBS R2 ISA2004 Dark Arts
- From: Marcus <Marcus@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 21 Aug 2007 15:22:00 -0700
Yes, I ran CEICW after the ISA install (by which I mean after all the SPs and
the WSUS updates).
And, yes, I installed the firewall clients on all of the desktops/laptops.
And I still couldn't access the internet from localhost...
I've tried to follow the instructions I've found to the letter. Any other
advice is most appreciated.
"Larry Struckmeyer" wrote:
Also, did you install the firewall client on each of the workstations (not.
the SBS)
Larry
"Larry Struckmeyer" <lstruckmeyer(at)mis-wizards(dot)com> wrote in message
news:eDpu03C5HHA.3716@xxxxxxxxxxxxxxxxxxxxxxx
Hi Marcus:
Did you re run the CEICW after installing ISA?
Larry
"Marcus" <Marcus@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DC20C4E6-F139-4FBE-9FB3-0064139240E1@xxxxxxxxxxxxxxxx
I'm having problems. I've posted on the ISA TecNet and it's not helped
(perhaps due to a SBS prejudice).
My infrastructure is this.
SBS2003 R2 Premium in the back-end fire wall configuration. Internal
network
NIC IP is 10.0.32.1 and perimeter (internet facing) NIC IP is
192.168.1.2.
There is a front firewall which has a perimeter (intranet facing) NIC IP
of
192.168.1.1. It has an external static (internet facing) NIC IP of
W.X.Y.Z.
For the purposes of this discussion the front firewall is merely acting
as a
front router (as I have disabled all of its firewall functionality).
I have installed SBS2003 R2 (and all service packs and WSUS updates).
I have configured the (non-ISA) Windows firewall, E-mail and remote
working
using CEICW.
So far, so good. Everything works. WSUS is fine. I get web pages (on the
server and clients). E-mail is fine, including embedded images.
I install ISA2004 following the instructions exactly. I also downloaded
and
installed all of the service packs and WSUS updates, rebooting between
each
when prompted to do so.
It creates a proxy for IE clients. The proxy is also used by WSUS.
However,
I can't reach the internet from IE from the localhost or clients. WSUS
fails
to sync. E-mail arrives and goes out but I no longer get embedded images.
I look at the ISA Management Console policies and rules. It doesn't
reflect
the back-firewall configuration I have so I run the back-firewall
template
granting full access. Still no joy.
I manually set the Computer->Front Firewall to 192.168.1.1 and the
perimeter
network to be 192.168.1.0 to 192.168.1.254.
None of the template generated rules includes either the perimeter
network
or the front fire wall. IE, WSUS and embedded images still don't work.
I bought Tom Shinder's book. It doesn't cover SBS and hints that SBS is a
bad idea (waste of money for me). I went to isaserver.org (following
advice
from the ISA Server TechNet) and read all five parts of his series on ISA
and
SBS, but I was waiting for parts 6 onwards which don't exist. Parts 1 to
5
were no help either.
I have visited every blog and site I can find and none tell me how to
write
rules or policies to get traffic out and back through the perimeter
network
and the front firewall.
I can't be the only person who has encountered this problem. How do I get
out and back? Is there a site with examples of policies and rules which
work
in this configuration?
Finally, for clients which use the proxy, how do I ensure that the
experimental changes I make via ISA Server Management Console are
actually
employed when I test from a client? Do I have to log off and on each time
I
make changes, or is there something else I can do?
- References:
- Re: SBS R2 ISA2004 Dark Arts
- From: Larry Struckmeyer
- Re: SBS R2 ISA2004 Dark Arts
- From: Larry Struckmeyer
- Re: SBS R2 ISA2004 Dark Arts
- Prev by Date: Re: Symantec Backup Exec V10 Tape Ejecting Spontaneously
- Next by Date: Re: SBS R2 ISA2004 Dark Arts
- Previous by thread: Re: SBS R2 ISA2004 Dark Arts
- Next by thread: Re: SBS R2 ISA2004 Dark Arts
- Index(es):
Relevant Pages
|
