Solved

ISA 2000, How do I dummy it down to a proxy only device?

Posted on 2006-07-07
Last Modified: 2013-11-16
I have an ISA 2000 server.  We have since installed a Cisco PIX and do not need the firewall part of the ISA server.  It is causing several problems with regards to instant messaging and RDP sessions to the outside world.  Is there any way I can just use it as a proxy server to route internet traffic?

Dan
Question by:dprenevost
9 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17060448
Reinstall and use the cached-mode only option.
Disable the second NIC card.
Set up your Internet Explorer devices to use the ISA server on port 80 or 8080 depending on your rules.
Repoint the client machines' default gateway to point at your router (or whatever) rather than the ISA internal NIC.
Remove the ISA firewall client from each client machine unless you want to use Active Directory to control your user access etc. Personally I would remove the ISA client anyway.

Job done
0
 

Author Comment

by:dprenevost
ID: 17060996
Thanks for the quick response!  The only problem is that the router that goes out is on a different subnet.  I would have to do a major reconfig on the servers (DHCP scopes and move the physical connections) and the switches and flatten out the IP architecture.  That is a project that I have on the horizon.  I was hoping to get a "quick fix" and just be able to open up the ISA server to all traffic both ways for the time being...thoughts?

Dan
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17061265
OK, there is a link I can give you but it requires having only the one network card active so that's no use really.

A quick win WOULD be to create IP filters that allowed all protocols in both directions but it is dirty. If you are happy that the PIX will do the job in isolation then fine; make sure you give the access to ALL users and definitely remove the ISA client if you have installed it.
0
 

Author Comment

by:dprenevost
ID: 17090469
I opened up the ISA firewall with no restrictions but it is still blocking some SSL and RDP sessions...ISA SUCKS.
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 17092665
Can't agree with you there.....

Let's take a step back here. Have you got a workstation/machine between the ISA and the external firewall?

Let's make sure we are differentiating between what the ISA is/isn't doing. Starters... ISA only allows port 443 to pass by default with its standard rules. If you want to let SSL outbound on other ports, use this link.
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/managingtunnelports.mspx

If it's other issues, use this link regarding accessing SSL sites.
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/client_ssl.mspx?pf=true

What is your issue with RDP?
0
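Editor's added example, not part of the thread and not Microsoft's code: a way to check from a client which SSL tunnel ports a web proxy accepts, by sending an HTTP CONNECT for each port and reading the status line. The `Only443Proxy` stand-in, the host name `secure.example.test`, the port list and the 502 refusal status are constructed so the check runs offline; against a real proxy, call `probe_ports` with its address and listener port.

```python
import socket
import socketserver
import threading

def connect_status(proxy, host, port, timeout=3.0):
    """Ask the proxy to open a CONNECT tunnel to host:port; return the HTTP status."""
    target = f"{host}:{port}"
    with socket.create_connection(proxy, timeout=timeout) as s:
        s.sendall(f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii"))
        buf = b""
        while b"\r\n" not in buf:
            chunk = s.recv(4096)
            if not chunk:
                break
            buf += chunk
    parts = buf.split(b"\r\n", 1)[0].split()
    return int(parts[1]) if len(parts) >= 2 and parts[1].isdigit() else None

def probe_ports(proxy, host, ports):
    """Map each port to the proxy's CONNECT status (200 = tunnel allowed)."""
    return {port: connect_status(proxy, host, port) for port in ports}

class Only443Proxy(socketserver.StreamRequestHandler):
    """Constructed stand-in, not ISA: permits CONNECT to port 443 only and
    answers anything else with a constructed 502 refusal."""
    def handle(self):
        request = self.rfile.readline().decode("ascii", "replace").split()
        while self.rfile.readline() not in (b"\r\n", b"\n", b""):
            pass  # discard the request headers
        port = request[1].rpartition(":")[2] if len(request) >= 2 else ""
        allowed = request[:1] == ["CONNECT"] and port == "443"
        self.wfile.write(b"HTTP/1.1 200 Connection established\r\n\r\n" if allowed
                         else b"HTTP/1.1 502 Proxy Error\r\n\r\n")

def demo():
    """Run the probe against the stand-in proxy on a loopback port."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), Only443Proxy)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        # secure.example.test is a placeholder; the stand-in never resolves it
        return probe_ports(srv.server_address, "secure.example.test", [443, 8443, 4443])
    finally:
        srv.shutdown()
        srv.server_close()

if __name__ == "__main__":
    for port, status in demo().items():
        print(f"CONNECT :{port} -> {status}")
```

A refusal that appears at the proxy for every port other than 443 points at the proxy's tunnel port policy rather than at the firewall behind it.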
 

Author Comment

by:dprenevost
ID: 17093258
RDP still does not work inside the firewall...
0
 

Author Comment

by:dprenevost
ID: 17093280
I am able to RDP on the other side of the firewall....still behind the PIX with no problems.
0
 

Author Comment

by:dprenevost
ID: 17123450
OK, I uninstalled the 200 firewall and installed the 2004 ISA and all seems to be working OK now.  Thanks for your help!
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17124646
Thanx :)
0
