Solved

ISA 2000, How do I dummy it down to a proxy only device?

Posted on 2006-07-07
9
237 Views
Last Modified: 2013-11-16
I have a ISA 2000 server.  We have since installed a cisco PIX and do not need the firewall part of the ISA server.  it is causing several problems with regards to instant messaging and RDP sessions to the outside world.  Is there any way i can just use it as a proxy server to route internet traffic?

Dan
0
Comment
Question by:dprenevost
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17060448
Reinstall and use the cached-mode only option.
Disable the second nic card.
Set up your internet explorer devices to use the ISA server on port 80 or 8080 depending on your rules.
Repoint the client machines default gateway to point at your router (or whatever) rather than the ISA internal NIC.
Remove the ISA firewall client from each client machine unless you want to use active directory to control your user access etc. Personally I would remove the ISA client anyway.

Job done
0
 

Author Comment

by:dprenevost
ID: 17060996
Thanks for the quick response!  The only problem is that the router that goes out is on a different subnet.  I would have to do a major reconfig on the servers(dhcp scopes and move the physical connections) and the switches and flatten out the IP architechture.  That is a project that I have on the horizon.  I was hoping to get a "quick fix" and just be able to open up the ISA server to all traffic both ways for the time being...thoughts?

Dan
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17061265
Ok, there is a link I can give you but it requires having only the one network card active so thats no use really.

A quick win WOULD be to create IP filters that allowed all protocols in both directions but it is dirty. If you are happy that the pix will do the job in isolation then fine; make sure you give the access to ALL users and definitley remove the ISA client if you have installed it.
0
Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

 

Author Comment

by:dprenevost
ID: 17090469
I opened up the ISA firewall with no restrictions but it is still blocking some ssl and rdp sessions...ISA SUCKS.
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 17092665
Can't agree with you there.....

lets take a step back here. Have you got a workstation/machine between the ISA and the external firewall?

Lets make sure we are differentiating between what the isa is/isn't doing. Starters... ISA only allows port 443 to pass by default with its standard rules. If you want to let ssl outbound on other ports, use this link.
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/managingtunnelports.mspx

If its other issues, use this link regarding accessing ssl sites.
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/client_ssl.mspx?pf=true

What is your issue with rdp?
0
 

Author Comment

by:dprenevost
ID: 17093258
Rdp still does not work inside the firewall...
0
 

Author Comment

by:dprenevost
ID: 17093280
I am able to RDP on the other side of the firewall....still behind the PIX with no problems.
0
 

Author Comment

by:dprenevost
ID: 17123450
ok i uninstalled the 200 firewall and installed the 2004 ISA and all semms to be working ok now.  thanks for your help!
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17124646
Thanx :)
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Netgear WMS5316 Guest SSiD 1 87
Cisco ASA 5512 LAN Config 16 103
Cisco ASA 1 70
Watchguard XTM 2 94
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question