some questions about RRAS configuration

Hello,

I have to install a RRAS server under Win2003 R2

This will be used to connect a private LAN to the Internet using a permanent 
internet connection via an ISP Router

What I have read so far about RRAS configuration assumed that the RRAS 
server was itself directly connected to the internet (one network card using 
Dial-Up...)

But my environment is an ISP router to which I need to connect the RRAS 
server.
So basically I need to do this:

Client(PrivIP)---->(PrivIP)RRAS(PubIP)--->(PubIP)ISPRouter(PubIP)--->Internet

The functionality needed on the RRAS Server is this:
-NAT
-DHCP Server
-DNS Forwarder
-Firewall

I understand that I need to install the RRAS for "NAT" :
Then my plan is to assign the RRAS one private IP to the inside LAN and one 
of the public IPs that we are given by our ISP to the other interface
On the RRAS, I would need to set the default Gateway to the IP-Nr of the ISP 
Router..?
And the ISP Router's default GW must point to the RRAS..?
For DNS I would assign the ISP's DNS Server to the RRAS ? RRAS will then 
act as a DNS forwarder / proxy for the clients ?

And if I install RRAS for NAT - do I need to configure any "Remote access 
policies" ? Or "Remote Access Logging" ?


I have read about 3rd party software NAT router like NAT32 - when would I 
use something like NAT32 instead of RRAS..?

Thank you very much

Heinz 


0
Heinz
1/29/2010 4:25:05 PM
windows.server.general

Hi Heinz,

Your scenario is typical for ISA Server 2006. However, Microsoft recently 
released Forefront Threat Management Gateway 2010 which is the new 
generation of ISA server. However, TMG works on 64-bit Win 2008.

Anyway, for a small network you can use NAT feature built into Win 2003 
RRAS.

The other answers inline...

"Heinz" <spacewalker4711(noSpam)@hotmail.com> wrote in message 
news:uwMwG#PoKHA.1556@TK2MSFTNGP05.phx.gbl...
> Hello,
>
> I have to install a RRAS server under Win2003 R2
>
> This will be used to connect a private LAN to the Internet using a 
> permanent internet connection via an ISP Router
>
> What I have read so far about RRAS configuration assumed that the RRAS 
> server was itself directly connected to the internet (one network card 
> using Dial-Up...)

Yes, external network interface can be Dial-Up modem (demand dial 
interface).

>
> But my environment is an ISP router to which I need to connect the RRAS 
> server.
> So basically I need to do this:
>
> Client(PrivIP)---->(PrivIP)RRAS(PubIP)--->(PubIP)ISPRouter(PubIP)--->Internet

Yes, this is OK, although I suppose that ISP will allocate only one public 
IP address to you. In that case, there will be:

Client(PrivIP)--->(PrivIP)RRAS(PrivIP)--->(PrivIP)ISPRouter(PubIP)--->Internet
Example:
10.10.1.100/24->10.10.1.1(RRAS)10.41.1.2/30->10.41.1.1(RTR)(PubIP)->INet

>
> The functionality needed on the RRAS Server is this:
NAT - OK
DHCP Server - OK, but any internal server can do.
DNS Forwarder - OK, but any internal server can do.
Firewall - OK
>
> I understand that I need to install the RRAS for "NAT" :

OK

> Then my plan is to assign the RRAS one private IP to the inside LAN and 
> one of the public IPs that we are given by our ISP to the other interface.

OK. You will have to sort this with ISP. See example above, you may be given 
private IP.

> On the RRAS, I would need to set the default Gateway to the IP-Nr of the 
> ISP Router..?

Yes.

> And the ISP Router's default GW must point to the RRAS..?

No. If the ISP router is on your location, the def GW on internal interface 
is not defined (blank). On the external interface it points to another ISP's 
router.
If the ISP router is in ISP's location, you will not have access to it 
anyway.

> For DNS I would assign the ISP's DNS Server to the RRAS ? RRAS will then 
> act as a DNS forwarder / proxy for the clients ?

You can install DNS on RRAS. If you are not hosting any services (web, mail 
etc), bind it so that it listens only on the internal interface. Configure 
forwarder to the ISP's DNS server. Configure all internal clients to use 
RRAS internal IP as DNS.

>
> And if I install RRAS for NAT - do I need to configure any "Remote access 
> policies" ?

No, you don't.

> Or "Remote Access Logging" ?

The default logging is OK.

>
>
> I have read about 3rd party software NAT router like NAT32 - when would I 
> use something like NAT32 instead of RRAS..?

If it's ADSL, it can be configured for router mode. But ISPs are rather 
unhelpful about this config. Some even say it is unsupported. However, you 
may use your favorite Internet search to find how to configure ADSL Router 
Mode.

>
> Thank you very much
>
> Heinz

Good luck, Heinz.
DuskoS
 

0
Dusko
1/29/2010 7:15:38 PM
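
The addressing, NAT and DNS settings from the reply above, written as commands for the RRAS server's command prompt. This is an added example, not part of the original thread; the connection names "Internal" and "External", the ISP DNS address 192.0.2.53 (a documentation placeholder), an already enabled Routing and Remote Access service and an installed dnscmd.exe (Windows Support Tools) are assumptions.

```bat
@echo off
rem Added example for the two-NIC layout from the reply:
rem   10.10.1.100/24 -> 10.10.1.1 (RRAS) 10.41.1.2/30 -> 10.41.1.1 (ISP router)
rem Assumed names, not from the thread: connections "Internal" and "External".
rem 192.0.2.53 is a documentation placeholder for the ISP's DNS server.

set ISP_DNS=192.0.2.53

rem Internal NIC: LAN address from the example, no default gateway.
netsh interface ip set address name="Internal" source=static addr=10.10.1.1 mask=255.255.255.0 gateway=none

rem External NIC: /30 link to the ISP router, the only default gateway.
netsh interface ip set address name="External" source=static addr=10.41.1.2 mask=255.255.255.252 gateway=10.41.1.1 gwmetric=1

rem The server itself resolves names through its own DNS service.
netsh interface ip set dns name="Internal" source=static addr=10.10.1.1

rem NAT: translate on the external interface, mark the LAN side as private.
netsh routing ip nat install
netsh routing ip nat add interface name="External" mode=full
netsh routing ip nat add interface name="Internal" mode=private

rem DNS: listen on the internal address only, forward everything else to the ISP.
dnscmd . /ResetListenAddresses 10.10.1.1
dnscmd . /ResetForwarders %ISP_DNS%

rem Review the result: NAT interface modes, the single default route via
rem 10.41.1.1, and the DNS listen addresses and forwarders.
netsh routing ip nat show interface
route print
dnscmd . /Info
```

Clients then receive 10.10.1.1 as both default gateway and DNS server, for example through DHCP.
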
Hi,

thank you very much for your answers.

If I use a proxy like ISA 2006 then the users would need a proxy-setting in 
their internet browsers - right?
This is a problem in my environment (I can not use policies etc.)...a 
default gateway (RRAS server) I can distribute using DHCP... but a proxy...?

thank you

"Dusko Savatovic" <savatovic@nospam.gmail.com> schrieb im Newsbeitrag 
news:<eU$jydRoKHA.5524@TK2MSFTNGP05.phx.gbl>...
> Hi Heinz,
>
> Your scenario is typical for ISA Server 2006. However, Microsoft recently 
> released Forefront Threat Management Gateway 2010 which is the new 
> generation of ISA server. However, TMG works on 64-bit Win 2008.
>
> Anyway, for a small network you can use NAT feature built into Win 2003 
> RRAS.
>
> The other answers inline...
>
> "Heinz" <spacewalker4711(noSpam)@hotmail.com> wrote in message 
> news:uwMwG#PoKHA.1556@TK2MSFTNGP05.phx.gbl...
> > Hello,
> >
> > I have to install a RRAS server under Win2003 R2
> >
> > This will be used to connect a private LAN to the Internet using a 
> > permanent internet connection via an ISP Router
> >
> > What I have read so far about RRAS configuration assumed that the RRAS 
> > server was itself directly connected to the internet (one network card 
> > using Dial-Up...)
>
> Yes, external network interface can be Dial-Up modem (demand dial 
> interface).
>
> >
> > But my environment is an ISP router to which I need to connect the RRAS 
> > server.
> > So basically I need to do this:
> >
> > Client(PrivIP)---->(PrivIP)RRAS(PubIP)--->(PubIP)ISPRouter(PubIP)--->Internet
>
> Yes, this is OK, although I suppose that ISP will allocate only one public 
> IP address to you. In that case, there will be:
>
> Client(PrivIP)--->(PrivIP)RRAS(PrivIP)--->(PrivIP)ISPRouter(PubIP)--->Internet
> Example:
> 10.10.1.100/24->10.10.1.1(RRAS)10.41.1.2/30->10.41.1.1(RTR)(PubIP)->INet
>
> >
> > The functionality needed on the RRAS Server is this:
> NAT - OK
> DHCP Server - OK, but any internal server can do.
> DNS Forwarder - OK, but any internal server can do.
> Firewall - OK
> >
> > I understand that I need to install the RRAS for "NAT" :
>
> OK
>
> > Then my plan is to assign the RRAS one private IP to the inside LAN and 
> > one of the public IPs that we are given by our ISP to the other 
> > interface.
>
> OK. You will have to sort this with ISP. See example above, you may be 
> given private IP.
>
> > On the RRAS, I would need to set the default Gateway to the IP-Nr of the 
> > ISP Router..?
>
> Yes.
>
> > And the ISP Router's default GW must point to the RRAS..?
>
> No. If the ISP router is on your location, the def GW on internal 
> interface is not defined (blank). On the external interface it points to 
> another ISP's router.
> If the ISP router is in ISP's location, you will not have access to it 
> anyway.
>
> > For DNS I would assign the ISP's DNS Server to the RRAS ? RRAS will 
> > then act as a DNS forwarder / proxy for the clients ?
>
> You can install DNS on RRAS. If you are not hosting any services (web, 
> mail etc), bind it so that it listens only on the internal interface. 
> Configure forwarder to the ISP's DNS server. Configure all internal 
> clients to use RRAS internal IP as DNS.
>
> >
> > And if I install RRAS for NAT - do I need to configure any "Remote 
> > access policies" ?
>
> No, you don't.
>
> > Or "Remote Access Logging" ?
>
> The default logging is OK.
>
> >
> >
> > I have read about 3rd party software NAT router like NAT32 - when would 
> > I use something like NAT32 instead of RRAS..?
>
> If it's ADSL, it can be configured for router mode. But ISPs are rather 
> unhelpful about this config. Some even say it is unsupported. However, 
> you may use your favorite Internet search to find how to configure ADSL 
> Router Mode.
>
> >
> > Thank you very much
> >
> > Heinz
>
> Good luck, Heinz.
> DuskoS
>


0
Heinz
2/2/2010 6:18:46 PM
In line...

"Heinz" <spacewalker4711(noSpam)@hotmail.com> wrote in message 
news:eVb6aPDpKHA.1548@TK2MSFTNGP04.phx.gbl...
> Hi,
>
> thank you very much for your answers.
>
> If I use a proxy like ISA 2006 then the users would need a proxy-setting 
> in their internet browsers - right?

Not quite. You can configure your network so that default gateway targets 
ISA Server's internal address. This type of connection is unauthenticated.

ISA Server also knows two more types of clients:
a) Web proxy clients. This is the type that you configure in web browser.
b) Firewall client. You need to install a piece of client software (can be 
done with Group Policy).

These two types of access can be authenticated.

Simple rule - choose only one type of access on each client.

> This is a problem in my environment (I can not use policies etc.)...a 
> default gateway (RRAS server) I can distribute using DHCP... but a 
> proxy...?
>
> thank you

You're welcome

>
> "Dusko Savatovic" <savatovic@nospam.gmail.com> schrieb im Newsbeitrag 
> news:<eU$jydRoKHA.5524@TK2MSFTNGP05.phx.gbl>...
>> Hi Heinz,
>>
>> Your scenario is typical for ISA Server 2006. However, Microsoft recently 
>> released Forefront Threat Management Gateway 2010 which is the new 
>> generation of ISA server. However, TMG works on 64-bit Win 2008.
>>
>> Anyway, for a small network you can use NAT feature built into Win 2003 
>> RRAS.
>>
>> The other answers inline...
>>
>> "Heinz" <spacewalker4711(noSpam)@hotmail.com> wrote in message 
>> news:uwMwG#PoKHA.1556@TK2MSFTNGP05.phx.gbl...
>> > Hello,
>> >
>> > I have to install a RRAS server under Win2003 R2
>> >
>> > This will be used to connect a private LAN to the Internet using a 
>> > permanent internet connection via an ISP Router
>> >
>> > What I have read so far about RRAS configuration assumed that the RRAS 
>> > server was itself directly connected to the internet (one network card 
>> > using Dial-Up...)
>>
>> Yes, external network interface can be Dial-Up modem (demand dial 
>> interface).
>>
>> >
>> > But my environment is an ISP router to which I need to connect the RRAS 
>> > server.
>> > So basically I need to do this:
>> >
>> > Client(PrivIP)---->(PrivIP)RRAS(PubIP)--->(PubIP)ISPRouter(PubIP)--->Internet
>>
>> Yes, this is OK, although I suppose that ISP will allocate only one 
>> public IP address to you. In that case, there will be:
>>
>> Client(PrivIP)--->(PrivIP)RRAS(PrivIP)--->(PrivIP)ISPRouter(PubIP)--->Internet
>> Example:
>> 10.10.1.100/24->10.10.1.1(RRAS)10.41.1.2/30->10.41.1.1(RTR)(PubIP)->INet
>>
>> >
>> > The functionality needed on the RRAS Server is this:
>> NAT - OK
>> DHCP Server - OK, but any internal server can do.
>> DNS Forwarder - OK, but any internal server can do.
>> Firewall - OK
>> >
>> > I understand that I need to install the RRAS for "NAT" :
>>
>> OK
>>
>> > Then my plan is to assign the RRAS one private IP to the inside LAN and 
>> > one of the public IPs that we are given by our ISP to the other 
>> > interface.
>>
>> OK. You will have to sort this with ISP. See example above, you may be 
>> given private IP.
>>
>> > On the RRAS, I would need to set the default Gateway to the IP-Nr of 
>> > the ISP Router..?
>>
>> Yes.
>>
>> > And the ISP Router's default GW must point to the RRAS..?
>>
>> No. If the ISP router is on your location, the def GW on internal 
>> interface is not defined (blank). On the external interface it points to 
>> another ISP's router.
>> If the ISP router is in ISP's location, you will not have access to it 
>> anyway.
>>
>> > For DNS I would assign the ISP's DNS Server to the RRAS ? RRAS will 
>> > then act as a DNS forwarder / proxy for the clients ?
>>
>> You can install DNS on RRAS. If you are not hosting any services (web, 
>> mail etc), bind it so that it listens only on the internal interface. 
>> Configure forwarder to the ISP's DNS server. Configure all internal 
>> clients to use RRAS internal IP as DNS.
>>
>> >
>> > And if I install RRAS for NAT - do I need to configure any "Remote 
>> > access policies" ?
>>
>> No, you don't.
>>
>> > Or "Remote Access Logging" ?
>>
>> The default logging is OK.
>>
>> >
>> >
>> > I have read about 3rd party software NAT router like NAT32 - when would 
>> > I use something like NAT32 instead of RRAS..?
>>
>> If it's ADSL, it can be configured for router mode. But ISPs are rather 
>> unhelpful about this config. Some even say it is unsupported. However, 
>> you may use your favorite Internet search to find how to configure ADSL 
>> Router Mode.
>>
>> >
>> > Thank you very much
>> >
>> > Heinz
>>
>> Good luck, Heinz.
>> DuskoS
>>
0
Dusko
2/2/2010 6:40:43 PM
"Dusko Savatovic" <savatovic@nospam.gmail.com> schrieb im Newsbeitrag 
news:uf3W7cDpKHA.3948@TK2MSFTNGP06.phx.gbl...
> In line...
>
> "Heinz" <spacewalker4711(noSpam)@hotmail.com> wrote in message 
> news:eVb6aPDpKHA.1548@TK2MSFTNGP04.phx.gbl...

>> If I use a proxy like ISA 2006 then the users would need a proxy-setting 
>> in their internet browsers - right?

> Not quite. You can configure your network so that default gateway targets 
> ISA Server's internal address. This type of connection is unauthenticated.


Hello,

I have installed ISA2006 SP1 (Standard Edition).
The ISA server has two network cards, one to the Internet the other one to 
the internal LAN.
Clients from the internal LAN can access the internet through the ISA - but 
only if the client sets its proxy setting in Internet Explorer to the ISA 
Server.

If I understood your post correctly, the client should be able to connect to 
the internet through the ISA without using a proxy setting - if the ISA is 
acting as the default gateway?
I have configured the ISA's internal IP-Nr as the default gateway for the 
clients - but the clients cannot access the internet.
I cannot see any connection attempts in the ISA's monitoring.

Any idea what I must do if I want to connect clients to the internet through 
ISA without setting a proxy server in the client's browser?

thank you
Heinz





0
Steffen
2/3/2010 1:06:58 PM
In line ...

"Steffen Meier" <no@Spam.org> wrote in message 
news:OYMWGHNpKHA.1548@TK2MSFTNGP02.phx.gbl...
> "Dusko Savatovic" <savatovic@nospam.gmail.com> schrieb im Newsbeitrag 
> news:uf3W7cDpKHA.3948@TK2MSFTNGP06.phx.gbl...
>> In line...
>>
>> "Heinz" <spacewalker4711(noSpam)@hotmail.com> wrote in message 
>> news:eVb6aPDpKHA.1548@TK2MSFTNGP04.phx.gbl...
>
>>> If I use a proxy like ISA 2006 then the users would need a 
>>> proxy-setting in their internet browsers - right?
>
>> Not quite. You can configure your network so that default gateway targets 
>> ISA Server's internal address. This type of connection is 
>> unauthenticated.
>
>
> Hello,
>
> I have installed ISA2006 SP1 (Standard Edition).
> The ISA server has two network cards, one to the Internet the other one to 
> the internal LAN.
> Clients from the internal LAN can access the internet through the ISA - 
> but only if the client sets its proxy setting in Internet Explorer to the 
> ISA Server.
>
> If I understood your post correctly, the client should be able to connect 
> to the internet through the ISA without using a proxy setting - if the ISA 
> is acting as the default gateway?

Yes, that is correct. This type of ISA client is called "Secure NAT 
client".

> I have configured the ISA's internal IP-Nr as the default gateway for the 
> clients - but the clients cannot access the internet.
> I cannot see any connection attempts in the ISA's monitoring.
>
> Any idea what I must do if I want to connect clients to the internet 
> through ISA without setting a proxy server in the client's browser?

It may be that your ISA Server is configured to require authentication. In 
that case Secure NAT client cannot work. Secure NAT client is only capable 
of establishing anonymous connections.

Perhaps the following article will help you. There are many more articles on 
this excellent web site.
http://www.isaserver.org/tutorials/The_SecureNAT_Client.html

>
> thank you
> Heinz

You're welcome and

Good luck
 

0
Dusko
2/3/2010 1:24:08 PM
"Dusko Savatovic" <savatovic@nospam.gmail.com> schrieb im Newsbeitrag 
news:%23qs0rQNpKHA.3792@TK2MSFTNGP06.phx.gbl...
> In line ...
>
> "Steffen Meier" <no@Spam.org> wrote in message 
> news:OYMWGHNpKHA.1548@TK2MSFTNGP02.phx.gbl...
>> "Dusko Savatovic" <savatovic@nospam.gmail.com> schrieb im Newsbeitrag 
>> news:uf3W7cDpKHA.3948@TK2MSFTNGP06.phx.gbl...
>>> In line...
>>>
>>> "Heinz" <spacewalker4711(noSpam)@hotmail.com> wrote in message 
>>> news:eVb6aPDpKHA.1548@TK2MSFTNGP04.phx.gbl...
>>
>>>> If I use a proxy like ISA 2006 then the users would need a 
>>>> proxy-setting in their internet browsers - right?
>>
>>> Not quite. You can configure your network so that default gateway 
>>> targets ISA Server's internal address. This type of connection is 
>>> unauthenticated.
>>
>>
>> Hello,
>>
>> I have installed ISA2006 SP1 (Standard Edition).
>> The ISA server has two network cards, one to the Internet the other one to 
>> the internal LAN.
>> Clients from the internal LAN can access the internet through the ISA - 
>> but only if the client sets its proxy setting in Internet Explorer to the 
>> ISA Server.
>>
>> If I understood your post correctly, the client should be able to connect 
>> to the internet through the ISA without using a proxy setting - if the ISA 
>> is acting as the default gateway?
>
> Yes, that is correct. This type of ISA client is called "Secure NAT 
> client".
>
>> I have configured the ISA's internal IP-Nr as the default gateway for 
>> the clients - but the clients cannot access the internet.
>> I cannot see any connection attempts in the ISA's monitoring.
>>
>> Any idea what I must do if I want to connect clients to the internet 
>> through ISA without setting a proxy server in the client's browser?
>
> It may be that your ISA Server is configured to require authentication. In 
> that case Secure NAT client cannot work. Secure NAT client is only capable 
> of establishing anonymous connections.
>
> Perhaps the following article will help you. There are many more articles 
> on this excellent web site.
> http://www.isaserver.org/tutorials/The_SecureNAT_Client.html
>

Hello,

now it works - thank you for your help!

Now I wonder if it is possible to get some reporting / logging when using 
SecureNAT clients :-)
I understand that I won't get Usernames or URLs in any reports or logs - but 
now, when I create a report in ISA this report is empty, no IP-Nr or traffic 
is in the report.

I can see some information like IP-Numbers  etc. in the (raw-)logfiles, but 
I see nothing in the reports that I can create in ISA, all reports that I 
have created are empty.

thank you




0
Heinz
2/3/2010 4:49:13 PM
Down...

"Heinz" <no@Spam.org> wrote in message 
news:uMxLSDPpKHA.1548@TK2MSFTNGP06.phx.gbl...
>
> "Dusko Savatovic" <savatovic@nospam.gmail.com> schrieb im Newsbeitrag 
> news:%23qs0rQNpKHA.3792@TK2MSFTNGP06.phx.gbl...
>> In line ...
>>
>> "Steffen Meier" <no@Spam.org> wrote in message 
>> news:OYMWGHNpKHA.1548@TK2MSFTNGP02.phx.gbl...
>>> "Dusko Savatovic" <savatovic@nospam.gmail.com> schrieb im Newsbeitrag 
>>> news:uf3W7cDpKHA.3948@TK2MSFTNGP06.phx.gbl...
>>>> In line...
>>>>
>>>> "Heinz" <spacewalker4711(noSpam)@hotmail.com> wrote in message 
>>>> news:eVb6aPDpKHA.1548@TK2MSFTNGP04.phx.gbl...
>>>
>>>>> If I use a proxy like ISA 2006 then the users would need a 
>>>>> proxy-setting in their internet browsers - right?
>>>
>>>> Not quite. You can configure your network so that default gateway 
>>>> targets ISA Server's internal address. This type of connection is 
>>>> unauthenticated.
>>>
>>>
>>> Hello,
>>>
>>> I have installed ISA2006 SP1 (Standard Edition).
>>> The ISA server has two network cards, one to the Internet the other one 
>>> to the internal LAN.
>>> Clients from the internal LAN can access the internet through the ISA - 
>>> but only if the client sets its proxy setting in Internet Explorer to the 
>>> ISA Server.
>>>
>>> If I understood your post correctly, the client should be able to 
>>> connect to the internet through the ISA without using a proxy setting - 
>>> if the ISA is acting as the default gateway?
>>
>> Yes, that is correct. This type of ISA client is called "Secure NAT 
>> client".
>>
>>> I have configured the ISA's internal IP-Nr as the default gateway for 
>>> the clients - but the clients cannot access the internet.
>>> I cannot see any connection attempts in the ISA's monitoring.
>>>
>>> Any idea what I must do if I want to connect clients to the internet 
>>> through ISA without setting a proxy server in the client's browser?
>>
>> It may be that your ISA Server is configured to require authentication. 
>> In that case Secure NAT client cannot work. Secure NAT client is only 
>> capable of establishing anonymous connections.
>>
>> Perhaps the following article will help you. There are many more articles 
>> on this excellent web site.
>> http://www.isaserver.org/tutorials/The_SecureNAT_Client.html
>>
>
> Hello,
>
> now it works - thank you for your help!
>
> Now I wonder if it is possible to get some reporting / logging when using 
> SecureNAT clients :-)
> I understand that I won't get Usernames or URLs in any reports or logs - 
> but now, when I create a report in ISA this report is empty, no IP-Nr or 
> traffic is in the report.
>
> I can see some information like IP-Numbers  etc. in the (raw-)logfiles, 
> but I see nothing in the reports that I can create in ISA, all reports 
> that I have created are empty.
>

You can get reports, but instead of names, you will get IP addresses.
It is simplest to schedule daily report, which runs at 1:00 AM (IIRC). Just 
run the wizard.

I guess you have to wait for at least 24 hours until you get reports.

You can always get live view of traffic (packets passing thru ISA Server).
Just go to www.isaserver.org . There is wealth of information there.
Some articles are about ISA 2004, but they apply to ISA 2006. ISA 2000 is 
older and different architecture than ISA2004/2006, but some principles from 
2000 still apply (like types of ISA Server clients).

> thank you

You're welcome.
 

0
Dusko
2/3/2010 6:41:42 PM
"Dusko Savatovic" <savatovic@nospam.gmail.com> schrieb im Newsbeitrag 
news:uRv0JCQpKHA.1552@TK2MSFTNGP04.phx.gbl...
> Down...
>
> "Heinz" <no@Spam.org> wrote in message 
> news:uMxLSDPpKHA.1548@TK2MSFTNGP06.phx.gbl...

.....

>> Now I wonder if it is possible to get some reporting / logging when using 
>> SecureNAT clients :-)
>> I understand that I won't get Usernames or URLs in any reports or logs - 
>> but now, when I create a report in ISA this report is empty, no IP-Nr or 
>> traffic is in the report.
>>
>> I can see some information like IP-Numbers  etc. in the (raw-)logfiles, 
>> but I see nothing in the reports that I can create in ISA, all reports 
>> that I have created are empty.
>>
>
> You can get reports, but instead of names, you will get IP addresses.
> It is simplest to schedule daily report, which runs at 1:00 AM (IIRC). 
> Just run the wizard.
>
> I guess you have to wait for at least 24 hours until you get reports.
>
> You can always get live view of traffic (packets passing thru ISA Server).
> Just go to www.isaserver.org . There is wealth of information there.
> Some articles are about ISA 2004, but they apply to ISA 2006. ISA 2000 is 
> older and different architecture than ISA2004/2006, but some principles 
> from 2000 still apply (like types of ISA Server clients).

thank you, I will check www.isaserver.org for some realtime traffic monitor

Heinz


0
Heinz
2/3/2010 7:20:01 PM

IE8 privacy question
I am running XP-Pro SP3 and considering upgrading from IE7 to IE8. I have read all the feature and benefit articles from MS, but have one question that remains unanswered. In IE8 there is mention of being able to restore previously viewed websites or something to that effect. I think this is on a drop down menu somewhere. 1) Does In-private viewing prevent this? 2) Does manually deleting your complete browsing history clear this? 3) Is there a registry entry that can prevent this action? 4) Is there a group policy change that can prevent this action? In essence for privacy pur...

IF AND question
Hi there, I need a function that can provide one of three answers: 1 2 1 1... 3 3 4 4... ? ? ? ?... If A1 = 1 and A2=3, answer 106; but if A1=1 and A2 = 4, answer 104; but if A1=2, regardless of A2, answer 95. The next function for column B is the same, except the answer is dependent on the value delivered from the column A function. E.g. A3 + 6 or A3 +4 or A3-5 etc. Any help would be most appreciated. -- ***** Many thanks Gamq Use the below formula for your first query. =IF(A1="","",IF(A1=2,95,IF(AND(A1=1,A2=3),106,IF(AND(A1=1,A2=4),104)))) ...

Microsoft Query question
I am trying to use Microsoft Query to get data from my SQL 2000 databases. The problem is that I have a few columns with names that conflict with keywords (like Identity). (Yes. I kow that keywords should be avoided but it is done and cannot be changed.) This is causing a keyword syntax error within the Query application. Oddly enough, even if I do not select the column the error still appears. And when you look at all the columns available, the keyword named column shows up in boldface. When I am doing queries in other programs I put square ("[ ]") brackets around column and table...

Question
Why did the chicken cross the road? -- Dr. Stephen Hopkins, MD "Dr. Stephen Hopkins, MD" <DrStephenHopkinsMD@discussions.microsoft.com> wrote in message news:B8434E21-DDA3-44D7-B39B-CD5A8C33A7BD@microsoft.com... > Why did the chicken cross the road? > -- > Dr. Stephen Hopkins, MD To collect her email, why else? Dr? You should be ashamed to put such a title on an idiotic off topic post !! -- Regards Steve. MS-MVP. MAIL. [DTS] UK. http://www.getsafeonline.org/ mac;1266180 Wrote: > "Dr. Stephen Hopkins, MD" <DrSte...

OWA Question #16
Hello All: Quick Question regarding OWA. We are about to finalize migration from 5.5 to 2003. We have an existing web presence already in DNS a www.mydomain.com. and running on existing web servers. With 5.5 natrually, to access OWA, it was www.mydomain.com/exchange. This will not be possible now since OWA runs off of the Exchange server instead of relying on our web server under 5.5. What's the easiest way to overcome this. Thanks If you can afford the extra license, you'll probably want to run a front-end server so no one is connecting directly to the Exchange database s...

Text Box Question
Greetings, I have been using Visio for years, however, something has happened and I can't figure out how to undo it. Basically up until today when I added a text box and entered text, the text went horizontal as it was typed. Today when I add a text box and enter text, the text goes vertical. How do I get back to the old behavior? TIA using text container shape adjusting tool (text block tool), make the text container shape wider horizontally. Have you used Asian text font recently?...check help for "vertical text" "Ray Batig" wrote: > Greetings, > &g...

401K questions
I just started a 401K at work and I'm wondering how to deal with it in Money. I've got my paycheck split into different categories currently and now I have to put the 401K amount into a category as well. I didn't see one specifically for this. What do other people use? Should I start using the 401K Manager? I haven't gone through it yet I'm just wondering if it works well and how much benefit I'll get from it. Thanks in advance! Mike You will want to create an investment account for the 401(k) and TRANSFER your contributions from your checking account to the...

VBA//Oracle Interfacing Question
All, I have been able to correct to my database but I have one question question: Within objSession I want to list all available tables and all available views. How exactly is this done? thank you. Set objSession = CreateObject("OracleInProcServer.XOraSession") Set objDatabase = objSession.OpenDatabase("", "User/Pass", 0) On Nov 16, 12:05=A0pm, jason <jason.mell...@gmail.com> wrote: > All, > > I have been able to correct to my database but I have one question > question: > > Within objSession I want to list all avail...

If / Then Question
How would I do this: IF A1="N" then I need A2 and A3 to="N/A -- pkniven ----------------------------------------------------------------------- pknivens's Profile: http://www.excelforum.com/member.php?action=getinfo&userid=2767 View this thread: http://www.excelforum.com/showthread.php?threadid=47531 pknivens Wrote: > How would I do this: > > IF A1="N" then I need A2 and A3 to="N/A" Hi pknivens In A2 and A3 use this formula > =IF(A1="N","N/A",""), this will return blank if A1 is not N, if you want it...

ROWCOUNT question
Hi All, The below is a UDF that returns the ROWCOUNT for a table. I need to know that value for WHILE loop. How do I take the Returned value from the UDF and load it intio a variable in the SP where it was called from? Or maybe there is another way. ALTER FUNCTION [dbo].[RecCount] ( @TableName CHAR(15) ) RETURNS TABLE AS RETURN ( SELECT Rows FROM sysindexes WHERE id = OBJECT_ID(@TableName) AND indid < 2 ) Thanks, Eric Eric S (xxx_noSpam@Hotmail.com) writes: > The below is a UDF that returns the ROWCOUNT for a table. I need to know > that va...

Trying to configure Xchng 2K3 to relay shared SMTP address....HELP!
All, In trying to setup up a list server (Lyris) behind our Exchange 2K3 server to share same address space (domain.com), I have configured the default recipient policy to be non-authoritative for (@domain.com) and authoritative for (@local). I then created an additional higher priority recipient policy and set (@domain.com) as primary and left (@local) as secondary. As noted in Article 321721: Because Exchange is now non-authoritative for the domain, when Exchange cannot find a matching address in AD, it tries to find an external path to that namespace, FIRST by looking for a connector, an...

configure devices
how can we configure receit printer ,barcode scanner, optical scanner and the cash drawer with microsoft dynamics Point of sale ...

Exmerge Question #7
When I run Exmerge on a mailbox on my 2003 server to export to a PST, it will delete all emails after the copy. I thought EXmerge would "copy" not delete. is this the default? If so how can I just have it do a copy out to the PST and leave the mailbox alone. thanks Rick in "options", make sure "archive data to target store" is not selected on the "Import procedure" tab... -- Susan Conkey [MVP] "Rick" <drummer10980@gmail.com> wrote in message news:1165509540.777142.38260@16g2000cwy.googlegroups.com... > When I run Exmerge on ...

How to configure WebMail
We are running Windows 2003 Small Business with Exchange. The WebMail works from inside. What do I have to do to be able to access WebMail from outside. Thanks Ron On your firewall, open http/https port to your server. Most commercial firewalls will require 2 steps to make this happen: 1) A NAT (network address translation) mapping the internal/private IP address of your server to an external ip address and 2) An access rule that allows traffic on particular IP port(s) - http/https in this case - to your server. Additionally, if there is no A record mapping this external IP to a fqdn...

question about "delete"
I have a pointer: MyWindowClass *p = NULL; p = new MyClass(...); .... delete p; After delete p, does p equal NULL(it is in C++ standard?)? How to decide if p has been deleted? The reason I asked this question is that in my project, there are many code/files use the pointer which I need to determine is it is deleted? Can I use: if(p != NULL) delete p; I guess somewhere p has been deleted, but p still not NULL(possible?), the above code might cause problem. Hi Kathy, I typically just set p to NULL when I delete it: delete p; p = NULL; Then you can check it in other places and ...

More combining companies questions
We too have acquired another company and need to look at all of our options concerning what to do with email. We run Exchange 2003, they run Exchange 2000. What is the best way to combine the two so we can share GAL, free-busy info, etc.? No decisions have been made as far as what we are going to do with their AD. We could of course change their MX record to point to our server, update our RUS, etc., but what if we want to keep an Exchange server at their site? What has to be done to join their server to our Exchange org? If you want sync both GAL,pls check this http://www.microso...

switchboard question 12-26-07
Is there a way to put the names of different switchboard pages on the switchboard form? If you put one name on a switchboard page (in form design view), the same name appears on all the switchboard pages. I understand why this happens, but what if I want the user to be able to know which switchboard s/he is on? Thanks. PS the same thing happens if I go into form design view and put in control tip text. It puts the same text for the same-numbered menu item on two different switchboard pages. "Debbie S." wrote: > Is there a way to put the names of different switchboard ...

Some Questions about Outlook
1. what's the max size of attachment for sending email? 2. newMail notifitor: when there is a new mail, can the tary be changed to other until i check the mail? can it work with hotmail? 3. is there any function likes "To Do List"; calendar require time setting? 4. configure file backup; can i back up all of my setting? -- Me, Who I am On Sun, 7 May 2006 22:17:01 -0700, Dotku <lwjct@hotmail.com> wrote: >1. what's the max size of attachment for sending email? That would depend on your mail server/ISP. >2. newMail notifitor: when there is a new mail, can the ...

Simple CRM 3.0 Questions
- If an account is no longer active, what's the process to make it inactive? - Can a lead have multiple contacts, with one acting as the primary contact? - When I create a new lead, what the 'Topic' field usually used for? - When creating a lead, on the Details Page, how can I add entries into the 'Industry' and 'Lead Source' drop down lists? - Will CRM track all e-mails associated with a lead? How do I ensure this? - How do I promote a Lead to an Opportunity to an Account? - What's the real definition of an Opportunity? It seems so grey compared to...

Toolbar question
I have created a combo box on my toolbar. I am using 32 x 32 buttons, so my combo box is sitting high up. I would like to move it down to the center of the toolbar. To create it I used the following code, CRect rect; SetButtonInfo(14, IDC_FILTERNAMECB, TBBS_SEPARATOR, 200); GetItemRect(14, &rect); rect.bottom = rect.top + 200; m_cbFilterNames.Create(WS_TABSTOP | WS_VISIBLE | WS_VSCROLL | CBS_DROPDOWNLIST | CBS_HASSTRINGS | CBS_SORT, rect, this, IDC_FILTERNAMECB); How do I tell it to place itself in the center of the toolbar? Here is my code: code is from inherited CToolba...