[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

ISA 2000, How do I dummy it down to a proxy only device?

Posted on 2006-07-07
9
Medium Priority
?
246 Views
Last Modified: 2013-11-16
I have a ISA 2000 server.  We have since installed a cisco PIX and do not need the firewall part of the ISA server.  it is causing several problems with regards to instant messaging and RDP sessions to the outside world.  Is there any way i can just use it as a proxy server to route internet traffic?

Dan
0
Comment
Question by:dprenevost
  • 5
  • 4
9 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17060448
Reinstall and use the cached-mode only option.
Disable the second nic card.
Set up your internet explorer devices to use the ISA server on port 80 or 8080 depending on your rules.
Repoint the client machines default gateway to point at your router (or whatever) rather than the ISA internal NIC.
Remove the ISA firewall client from each client machine unless you want to use active directory to control your user access etc. Personally I would remove the ISA client anyway.

Job done
0
 

Author Comment

by:dprenevost
ID: 17060996
Thanks for the quick response!  The only problem is that the router that goes out is on a different subnet.  I would have to do a major reconfig on the servers(dhcp scopes and move the physical connections) and the switches and flatten out the IP architechture.  That is a project that I have on the horizon.  I was hoping to get a "quick fix" and just be able to open up the ISA server to all traffic both ways for the time being...thoughts?

Dan
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17061265
Ok, there is a link I can give you but it requires having only the one network card active so thats no use really.

A quick win WOULD be to create IP filters that allowed all protocols in both directions but it is dirty. If you are happy that the pix will do the job in isolation then fine; make sure you give the access to ALL users and definitley remove the ISA client if you have installed it.
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 

Author Comment

by:dprenevost
ID: 17090469
I opened up the ISA firewall with no restrictions but it is still blocking some ssl and rdp sessions...ISA SUCKS.
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 1500 total points
ID: 17092665
Can't agree with you there.....

lets take a step back here. Have you got a workstation/machine between the ISA and the external firewall?

Lets make sure we are differentiating between what the isa is/isn't doing. Starters... ISA only allows port 443 to pass by default with its standard rules. If you want to let ssl outbound on other ports, use this link.
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/managingtunnelports.mspx

If its other issues, use this link regarding accessing ssl sites.
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/client_ssl.mspx?pf=true

What is your issue with rdp?
0
 

Author Comment

by:dprenevost
ID: 17093258
Rdp still does not work inside the firewall...
0
 

Author Comment

by:dprenevost
ID: 17093280
I am able to RDP on the other side of the firewall....still behind the PIX with no problems.
0
 

Author Comment

by:dprenevost
ID: 17123450
ok i uninstalled the 200 firewall and installed the 2004 ISA and all semms to be working ok now.  thanks for your help!
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17124646
Thanx :)
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month18 days, 14 hours left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question