Solved

ISA 2000, How do I dummy it down to a proxy only device?

Posted on 2006-07-07
Last Modified: 2013-11-16
I have an ISA 2000 server. We have since installed a Cisco PIX and do not need the firewall part of the ISA server. It is causing several problems with regards to instant messaging and RDP sessions to the outside world. Is there any way I can just use it as a proxy server to route internet traffic?

Dan
Question by:dprenevost
9 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17060448
Reinstall and use the cached-mode only option.
Disable the second NIC card.
Set up your Internet Explorer devices to use the ISA server on port 80 or 8080 depending on your rules.
Repoint the client machines' default gateway to point at your router (or whatever) rather than the ISA internal NIC.
Remove the ISA firewall client from each client machine unless you want to use Active Directory to control your user access etc. Personally I would remove the ISA client anyway.

Job done
 

Author Comment

by:dprenevost
ID: 17060996
Thanks for the quick response! The only problem is that the router that goes out is on a different subnet. I would have to do a major reconfig on the servers (DHCP scopes and move the physical connections) and the switches and flatten out the IP architecture. That is a project that I have on the horizon. I was hoping to get a "quick fix" and just be able to open up the ISA server to all traffic both ways for the time being... thoughts?

Dan
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17061265
OK, there is a link I can give you but it requires having only the one network card active so that's no use really.

A quick win WOULD be to create IP filters that allowed all protocols in both directions but it is dirty. If you are happy that the PIX will do the job in isolation then fine; make sure you give the access to ALL users and definitely remove the ISA client if you have installed it.
 

Author Comment

by:dprenevost
ID: 17090469
I opened up the ISA firewall with no restrictions but it is still blocking some SSL and RDP sessions... ISA SUCKS.
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 1500 total points
ID: 17092665
Can't agree with you there...

Let's take a step back here. Have you got a workstation/machine between the ISA and the external firewall?

Let's make sure we are differentiating between what the ISA is/isn't doing. Starters... ISA only allows port 443 to pass by default with its standard rules. If you want to let SSL outbound on other ports, use this link.
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/managingtunnelports.mspx

If it's other issues, use this link regarding accessing SSL sites.
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/client_ssl.mspx?pf=true

What is your issue with RDP?
 

Author Comment

by:dprenevost
ID: 17093258
RDP still does not work inside the firewall...
 

Author Comment

by:dprenevost
ID: 17093280
I am able to RDP on the other side of the firewall... still behind the PIX with no problems.
 

Author Comment

by:dprenevost
ID: 17123450
OK, I uninstalled the 200 firewall and installed the 2004 ISA and all seems to be working OK now. Thanks for your help!
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17124646
Thanx :)