Windows Server - ISA 2004 Network Rules
Asked By JiminClevelan
02-Aug-07 04:58 PM
I just loaded ISA 2004 on a new server. Out of the box, there are three
Network Rules:
Local Host to all networks route
VPN Clients to Internal route
Internal to External NAT
Do I also have to set up a Network Rule (External to Internal) so that
people outside can get to our Web sites? Or will this be taken care of with
Web & Server Publishing Rules?
Jim
ElMajda replied...
Yes, you need Web/Server Publishing rules to allow External users to access
your Internal Server behind ISA Server.
HTH,
Tarek
--
_____________________________
Tarek Majdalani
Computer Engineer, CIW, MCSA: Security 2000/2003, TS: Windows Vista
MVP -- ISA Firewalls
Website : http://www.elmajdal.net/ISAServer
JiminClevelan replied...
Tarek,
Thanks for the reply. I know that I have to create publishing rules for our
web site and our exchange server. In reading Shinder's book, I thought it
also said that in order for two different networks to talk, there needed to
be a Network rule in place. I just wasn't sure if I needed a Network rule as
well as Publishing rules or if just the Publishing rules would suffice.
Am I correct in saying that?
Jim
Phillip Windell replied...
Publishing Rules - Yes
Network Rules - No
You must have read Tom's material out of the proper context.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
Phillip Windell replied...

To clarify a little more: Network Rules establish Relationships, not
access control. A Relationship is either going to be NAT (includes
proxying) or it will be Routed.
The relationship between Internal Type networks (including VPN Networks) and
the External Network (including DMZs) is typically a NATed relationship
while most other relationships are Routed.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
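The distinction drawn in this thread, as an added example that is not part of the original posts: a simplified Python model (not ISA Server code or its API) in which the three default Network Rules only supply the relationship and a separate policy rule decides access. The `PolicyRule` type, the `relationship` and `evaluate` functions, and the rule that an access rule cannot run against the direction of a NAT relationship are assumptions of this model.

```python
from dataclasses import dataclass

# The three default Network Rules from the question: (source, destination) -> type.
NETWORK_RULES = {
    ("Local Host", "*"): "route",
    ("VPN Clients", "Internal"): "route",
    ("Internal", "External"): "nat",
}

@dataclass
class PolicyRule:              # hypothetical type, for illustration only
    kind: str                  # "access" or "publish"
    src: str
    dst: str
    protocol: str

def relationship(src, dst):
    """Return (type, direction) linking two networks, or None if unrelated."""
    for (a, b), kind in NETWORK_RULES.items():
        if a == src and b in (dst, "*"):
            return kind, "forward"
        if a == dst and b in (src, "*"):
            return kind, "reverse"
    return None

def evaluate(src, dst, protocol, policy):
    """Decide one connection: relationship first, then default-deny policy."""
    rel = relationship(src, dst)
    if rel is None:
        return "deny: no network relationship"
    for rule in policy:
        if (rule.src, rule.dst, rule.protocol) != (src, dst, protocol):
            continue
        # Assumption of this model: an access rule cannot run against the
        # direction of a NAT relationship; inbound traffic needs publishing.
        if rule.kind == "access" and rel == ("nat", "reverse"):
            continue
        return f"allow: {rule.kind} rule over {rel[0]} relationship"
    return "deny: no matching policy rule"

if __name__ == "__main__":
    # Constructed sample policy: one Web Publishing rule, nothing else.
    policy = [PolicyRule("publish", "External", "Internal", "HTTP")]
    print(evaluate("External", "Internal", "HTTP", policy))  # published site
    print(evaluate("Internal", "External", "HTTP", policy))  # NAT alone grants nothing
```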