help regarding firewall bypassing


  • 1. Is ISA server a 64 or 32 bit app?
    Customer of mine wants to get a new computer to run ISA server 2004 - maybe upgrade to 2006 later. He really wants to get a machine with Xeon processors which I think is a 64 bit processor so we would be using W2003 standard server 64 bit. I think it's overkill for small network (50 users), but he's pretty stubborn. Question I have is, is ISA server a 64 bit app? I'm planning the installation and realise that we would have to use ISA Firewall clients because we want to limit access to internet based on User logins. That means we will have to use the mmc snap-in to install the client program to user machines from the ISA server. I see there are two versions of the snap-in one for 32 bit and one for 64 bit. Are we OK to use ISA server with W2003 standard server 64 bit? If we do, will the snap-in to install the client work OK? Thanks for any help Bob
  • 2. User groups do not seem to get recognized by access rule.
    My setup is a back firewall, it was configured to have limited internet access using the wizard after install. So the first rule is the one called Web Access Only that allows HTTP, HTTPS, FTP for all users. I tested that rule and it needed to have DNS added to it to make it possible to use the browser to access a site. So far that works, however I wanted only some users on the network to be able to access the internet, so I created a group on my domain controller called InternetUsers and added a user to that group. Then I went back to the ISA server, added that group to the list of ISA users and in my Web Access Only rule and removed All Users. If I logged on with a login that is that of a user in the InternetUsers users group on my domain, I should be able to use the browser to access the Internet. If I logged in as a user that is not a member of that group I should not be able to connect to any sites. However I find that when I try using the InternetUsers in the rule's properties, then I can't connect to any site, even though I'm logged in as a member of the InternetUsers group. If I just change the properties to use All Users, my browser can connect OK. Is my thinking wrong? It seems that what I tried to do should work OK. If I'm right, what should I do to make it work? Same question really if I'm wrong :-) Any help would be greatly appreciated. Bob
  • 3. ISA network/security Configuration issues
    Hi Everyone, I've got a bit of a problem, I have several internal private network ranges which are all internal. I need to take two of these ranges and set them up so they do not require authentication, but for the others I need to require authentication. For example I have 172.16.134.x range which I need to require the authentication for. But I then have 172.16.135.x range which I need to allow anonymous authentication. This is in part due to our 3rd party product Websense which does our web filtering. We need these anonymous ranges for our wifi hot spots, since the public doesn't have domain accounts we need it to be anonymous. But for all of the domain machines we need to have it require authentication so Websense can properly detect the user accounts and allow additional features which are required. I had created another network called wifi, put these address ranges in it. And then included it in the internal network group. This didn't work, I am getting IP spoofing errors on the wifi group. I also tried making rules specifically for the wifi network and that did not work either. Please give me some direction, at this point I am tempted to put a third NIC into the server. I'd rather not do it, as adding hardware usually just complicates things. It is an ISA 2004 with the latest service packs and patches, running on a Windows 2000 box.
  • 4. Configuring ISA 2004 as VPN and proxy server
    Hi, I am planning to implement ISA 2004 on Windows 2003 Standard Edition. I would like to achieve the following task. 1. It should be a proxy server. 2. It should be a VPN server. 3. It should be a firewall to protect the internal network. If you have any suggestions or any articles, then please let me know. I appreciate your help. Thanks
  • 5. Bypass address
    Hi, I have some web addresses I need to bypass; they don't work if they go through a proxy. How can I do that in ISA server? //Peter

help regarding firewall bypassing

Postby anwar adil » Tue, 12 Jul 2005 21:12:16 GMT

The scenario I have made is this:

                                         192.168.10.x                   192.168.0.x
-----internet ------------[nat device]-------------------[isa server]-------------------
                      public ip         private ip                          LAN users



The problem I am having is this: all my users are located on the
192.168.0.x network and ISA is the default gateway for them, but some of
the users put a 192.168.10.x IP address on their computer with
192.168.10.2 (gateway for the 10.x network), so that they are now on the
10.x network, which results in bypassing the ISA server firewall.

Please tell me, is there any way I can stop this?


ANWAR ADIL

CCNA , MCP




Re: help regarding firewall bypassing

Postby Sergio Fonseca [MVP] » Fri, 22 Jul 2005 05:25:30 GMT

Hi anwar,

Your users have permission to change the TCP/IP settings on computers?!
On 192.168.10.2 allow only communication from the ISA IP.


Any suggestion should be tested before being applied - www.gupade.org
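
The restriction suggested in the reply above can be verified from the NAT device's side. As an added example (not part of the thread), this script scans connection log lines and reports hosts on 192.168.10.x, other than ISA, that sent traffic out through 192.168.10.2; the ISA address 192.168.10.1 and the log line format are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (not from the thread): the ISA server's address on the
# 192.168.10.x segment and the log line format of the NAT device.
PERIMETER_NET = ipaddress.ip_network("192.168.10.0/24")
NAT_DEVICE_IP = ipaddress.ip_address("192.168.10.2")    # from the thread
ISA_EXTERNAL_IP = ipaddress.ip_address("192.168.10.1")  # assumed placeholder

LINE_RE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)")

# Constructed sample log lines, for illustration only.
SAMPLE_LOG = """\
2005-07-12T09:00:01 src=192.168.10.1 dst=203.0.113.10 dport=80
2005-07-12T09:00:05 src=192.168.10.57 dst=203.0.113.10 dport=80
2005-07-12T09:00:09 src=192.168.10.57 dst=198.51.100.7 dport=443
2005-07-12T09:01:12 src=192.168.10.1 dst=198.51.100.7 dport=443
2005-07-12T09:02:30 src=192.168.10.99 dst=203.0.113.25 dport=21
2005-07-12T09:02:31 malformed line without fields
2005-07-12T09:03:00 src=not-an-ip dst=203.0.113.25 dport=80
"""

def find_bypassing_hosts(log_text):
    """Count outbound connections per perimeter-segment host that reached
    the NAT device directly instead of going through the ISA server."""
    offenders = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # line carries no src/dst fields
        try:
            src = ipaddress.ip_address(m.group("src"))
            dst = ipaddress.ip_address(m.group("dst"))
        except ValueError:
            continue  # skip unparsable addresses
        if src in (ISA_EXTERNAL_IP, NAT_DEVICE_IP):
            continue  # expected sources on this segment
        if src in PERIMETER_NET and dst not in PERIMETER_NET:
            offenders[str(src)] += 1
    return offenders

if __name__ == "__main__":
    for host, count in find_bypassing_hosts(SAMPLE_LOG).most_common():
        print(f"{host}: {count} connection(s) bypassing ISA")
```

Once the NAT device only accepts traffic from the ISA address, the same report should come back empty.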








Similar Threads:

1. Regards Firewall Authentications

I have a ISA 2000 with SP2 and FP1 on a Windows 2000 Server, this Server is 
the member of Windows Server 2003 Domain Controller (on the separate box). 

All of a sudden, ISA 2000 stopped authenticating users and every time it throws:

"HTTP 407 Proxy Authentication Required - The ISA Server requires 
authorization to fulfill the request. Access to the Web Proxy service is 
denied. (12209)
Internet Security and Acceleration Server "

Except to some users!!

To resolve the issue, I removed all Access Policy, Site Content Rules and it 
is open for all (with no access policy). But still the same problem is 
occurring that it doesn't authenticate users except some users.

In the meantime, I tried logging those users on to the domain; they successfully 
log on to the domain. So, I am sure that domain authentication is not a problem.

Please, anybody resolve my issue.

Regards
NAJMUSSAQIB.




2. Want help regarding : "disable bluetooth device"

Hi

I want to disable bluetooth device connected to my PC.
Can I disable bluetooth radio connected to my PC through code (C++) ?

Thanking you

Regards
Devang Vyas

3. Allowing certain applications to bypass ISA using Firewall Client

We have a problem !!


Users in our remote branch (192.168.50.0) have a slow private network 
connection to head office via their router at 192.168.50.1

They have another router onsite, 192.168.50.2 which connects to a partner 
network over a fast line. (195.x.y.z)

All worked fine with routes programmed into the .1 router to go out to the 
partner network via the router at .2

Since deploying the firewall client they are unable to reach the partner 
network.

The access is by a unique application "contact.exe".

It appears that despite the routing rules on the local routers, all network 
traffic is being forced through the ISA server at HQ (192.168.10.1).

Is there any way we can convince the ISA FW Client to ignore all traffic from 
the contact.exe application and/or to the 195.x.y.z network ?


Thanks,


Andy







4. Steps To Allow A User To Bypass Firewall/ISA

I obviously do not know as much as I think I did. Which wouldn't be 
surprising if you asked my friends.

I am trying to get the Napster online service, through Windows Media Player, 
past ISA 2000. The messages in WMP are cryptic enough that I thought I 
should just open my workstation up to the world, at least for testing 
purposes.

I thought that I would just have to set up a Protocol Rule, allowing the 
Client Address Set which includes just my workstation, and then set up a 
Server Publishing Rule. That doesn't work. What else do I have to do?

caz 


5. software somehow bypasses the firewall client

Hi all,


I've got a really strange problem here ... I have a piece of software
(the google updater to be specific) that somehow bypasses the ISA
server Firewall Client. Although the Firewall Client is properly
configured and works for all other applications, the google updater
tries to connect directly through our gateway router (and this is not
allowed :) ).

I know this because I did a packet dump. At first I saw that the
software was querying my internal dns servers for the google domain. I
added this to my hosts file and now that it can resolve
"pack.google.com" it tries to download an xml file directly through
our gateway. The packets seem not to be "intercepted" by the firewall
client.

Has anybody else seen this before ? Any solutions :) ?

Thank you,
Ioan

6. Topic: Users bypassing installed firewall clients

7. Bypass ISA2004 Firewall

8. Help with bypassing ISA server


