[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

ISA 2000, How do I dummy it down to a proxy only device?

Posted on 2006-07-07
9
Medium Priority
?
248 Views
Last Modified: 2013-11-16
I have a ISA 2000 server.  We have since installed a cisco PIX and do not need the firewall part of the ISA server.  it is causing several problems with regards to instant messaging and RDP sessions to the outside world.  Is there any way i can just use it as a proxy server to route internet traffic?

Dan
0
Comment
Question by:dprenevost
  • 5
  • 4
9 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17060448
Reinstall and use the cached-mode only option.
Disable the second nic card.
Set up your internet explorer devices to use the ISA server on port 80 or 8080 depending on your rules.
Repoint the client machines default gateway to point at your router (or whatever) rather than the ISA internal NIC.
Remove the ISA firewall client from each client machine unless you want to use active directory to control your user access etc. Personally I would remove the ISA client anyway.

Job done
0
 

Author Comment

by:dprenevost
ID: 17060996
Thanks for the quick response!  The only problem is that the router that goes out is on a different subnet.  I would have to do a major reconfig on the servers(dhcp scopes and move the physical connections) and the switches and flatten out the IP architechture.  That is a project that I have on the horizon.  I was hoping to get a "quick fix" and just be able to open up the ISA server to all traffic both ways for the time being...thoughts?

Dan
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17061265
Ok, there is a link I can give you but it requires having only the one network card active so thats no use really.

A quick win WOULD be to create IP filters that allowed all protocols in both directions but it is dirty. If you are happy that the pix will do the job in isolation then fine; make sure you give the access to ALL users and definitley remove the ISA client if you have installed it.
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 

Author Comment

by:dprenevost
ID: 17090469
I opened up the ISA firewall with no restrictions but it is still blocking some ssl and rdp sessions...ISA SUCKS.
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 1500 total points
ID: 17092665
Can't agree with you there.....

lets take a step back here. Have you got a workstation/machine between the ISA and the external firewall?

Lets make sure we are differentiating between what the isa is/isn't doing. Starters... ISA only allows port 443 to pass by default with its standard rules. If you want to let ssl outbound on other ports, use this link.
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/managingtunnelports.mspx

If its other issues, use this link regarding accessing ssl sites.
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/client_ssl.mspx?pf=true

What is your issue with rdp?
0
 

Author Comment

by:dprenevost
ID: 17093258
Rdp still does not work inside the firewall...
0
 

Author Comment

by:dprenevost
ID: 17093280
I am able to RDP on the other side of the firewall....still behind the PIX with no problems.
0
 

Author Comment

by:dprenevost
ID: 17123450
ok i uninstalled the 200 firewall and installed the 2004 ISA and all semms to be working ok now.  thanks for your help!
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17124646
Thanx :)
0

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Planning to migrate your EDB file(s) to a new or an existing Outlook PST file? This video will guide you how to convert EDB file(s) to PST. Besides this, it also describes, how one can easily search any item(s) from multiple folders or mailboxes…
Suggested Courses
Course of the Month9 days, 16 hours left to enroll

591 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question