Prev: DCOM error
Next: Sender ID Filtering vs. SBS Fax Server
From: Oswaldo on 7 Jul 2006 10:47 Crina, Other question, what should I put on the prefered and alternate DNS server on the properties of the LAN connection? Should I put the Internal IP of the ISA server or the DNS from my ISP? Thanks a lot Oswaldo -- Oswaldo Cortes ""Crina Li"" wrote: > Hi Oswaldo, > > Thanks for your updates. > > SecureNAT means you need to configure the internal IP of the ISA server as > client's default gateway. For your issue, I also recommend you to involve > the Cisco support. Some settings on the VPN client or the server could also > affect the VPN connection through a firewall. > > Thanks for your time and I look forward to hearing from you. > > Best regards, > > Crina Li (MSFT) > > Microsoft CSS Online Newsgroup Support > > Get Secure! - www.microsoft.com/security > > ===================================================== > This newsgroup only focuses on SBS technical issues. If you have issues > regarding other Microsoft products, you'd better post in the corresponding > newsgroups so that they can be resolved in an efficient and timely manner. > You can locate the newsgroup here: > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx > > When opening a new thread via the web interface, we recommend you check the > "Notify me of replies" box to receive e-mail notifications when there are > any updates in your thread. When responding to posts via your newsreader, > please "Reply to Group" so that others may learn and benefit from your > issue. > > Microsoft engineers can only focus on one issue per thread. Although we > provide other information for your reference, we recommend you post > different incidents in different threads to keep the thread clean. In doing > so, it will ensure your issues are resolved in a timely manner. > > For urgent issues, you may want to contact Microsoft CSS directly. Please > check http://support.microsoft.com for regional support phone numbers. > > Any input or comments in this thread are highly appreciated. > > ===================================================== > > This posting is provided "AS IS" with no warranties, and confers no rights. > -------------------- > | Thread-Topic: ISA 2004 cisco SSL vpn client > | thread-index: AcahQc04C2KJ/haJT8iyJ/bcZhbA+g== > | X-WBNR-Posting-Host: 208.33.47.68 > | From: =?Utf-8?B?T3N3YWxkbw==?= <Oswaldo(a)discussions.microsoft.com> > | References: <u$97GScfGHA.4852(a)TK2MSFTNGP05.phx.gbl> > <W3yb27NoGHA.2028(a)TK2MSFTNGXA01.phx.gbl> > | Subject: RE: ISA 2004 cisco SSL vpn client > | Date: Thu, 6 Jul 2006 14:19:01 -0700 > | Lines: 108 > | Message-ID: <CE543673-D801-4FD2-9BFC-F36FC1422480(a)microsoft.com> > | MIME-Version: 1.0 > | Content-Type: text/plain; > | charset="Utf-8" > | Content-Transfer-Encoding: 7bit > | X-Newsreader: Microsoft CDO for Windows 2000 > | Content-Class: urn:content-classes:message > | Importance: normal > | Priority: normal > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830 > | Newsgroups: microsoft.public.windows.server.sbs > | Path: TK2MSFTNGXA01.phx.gbl > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:279547 > | NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250 > | X-Tomcat-NG: microsoft.public.windows.server.sbs > | > | Hi Crina, > | I read all the articles and followed the instructions but I keep getting > the > | same error. One diference with the problems listed on some articles is > that > | they can get connected but I am unable to connect. After the Active X > | installer starts I get a screen asking me for my proxy credentials I put > the > | correct User and Password and I get the screen telling me that The SSL > VPN > | Client was unable to succesfully verify the IP forwarding table > | modifications. If put the wrong User/Pass or leave it blank I get other > | screen telling me that Proxy authentication failed using the supplied > | credentials. > | I have the 3 protocols two, that were already there and the 10000 port > that > | I added, and I have the access rule to allow the traffic from Internal to > | External. I checked that the CEICW has Virtual Private Networking (VPN) > | selected in the Services Configuration page. And I know that VPN site is > | using Cisco VPN 3030.The only thing that I don't know how to check is > that > | the clients are running in SecureNAT mode. Please could you tell me? > | Also If you think that I need something else please let me know. > | Thank you very much for all your time and consideration. > | Regards, > | > | -- > | Oswaldo Cortes > | > | > | ""Crina Li"" wrote: > | > | > Hi Oswaldo, > | > > | > Thank you for posting. > | > > | > Please refer to my reply for mugen. > | > > | > Thanks for your time. > | > > | > Best regards, > | > > | > Crina Li (MSFT) > | > > | > Microsoft CSS Online Newsgroup Support > | > > | > Get Secure! - www.microsoft.com/security > | > > | > ===================================================== > | > This newsgroup only focuses on SBS technical issues. If you have issues > | > regarding other Microsoft products, you'd better post in the > corresponding > | > newsgroups so that they can be resolved in an efficient and timely > manner. > | > You can locate the newsgroup here: > | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx > | > > | > When opening a new thread via the web interface, we recommend you check > the > | > "Notify me of replies" box to receive e-mail notifications when there > are > | > any updates in your thread. When responding to posts via your > newsreader, > | > please "Reply to Group" so that others may learn and benefit from your > | > issue. > | > > | > Microsoft engineers can only focus on one issue per thread. Although we > | > provide other information for your reference, we recommend you post > | > different incidents in different threads to keep the thread clean. In > doing > | > so, it will ensure your issues are resolved in a timely manner. > | > > | > For urgent issues, you may want to contact Microsoft CSS directly. > Please > | > check http://support.microsoft.com for regional support phone numbers. > | > > | > Any input or comments in this thread are highly appreciated. > | > > | > ===================================================== > | > > | > This posting is pr
From: "Crina Li" on 10 Jul 2006 03:11 Hi Oswaldo, Thanks for your update. You do not need to stop using DHCP and assign a static IP to the machine. You can configure as following: 1. Right click My Network Places and select Properties. 2. Right click Local Area Connection and select Properties. 3. High light TCP/IP and click Properties. 4. On General tab click Advanced button. 5. Add the internal NIC of ISA in Default gateways column in IP Settings tab. You also do not need to uninstall Firewall Client and can only stop it. I also recommend you to involve the Cisco support. Some settings on the VPN client or the server could also affect the VPN connection through a firewall. And you may need to know which protocols and ports needed to be used. For another issue, for 2 NICs on SBS, you may need to configure your SBS and client computer as following: On SBS server: External NIC: IP: assigned by your ISP or your hardware router Gateway: your ISP or your Hardware router IP DNS: SBS INTERNAL NIC IP as the only entry Internal NIC: IP: Fixed IP Gateway: None DNS: SBS INTERNAL NIC IP as the only entry In the DNS console (dnsmgmt.msc), right click your ServerName and click properties. In the Forwarders tab, your ISP DNS server IP should be inputted there. On workstation inside your SBS local subnet IP: Assigned by DHCP on SBS Gateway: SBS internal NIC IP DNS: SBS INTERNAL NIC IP as the only entry I appreciate your time and look forward to hearing from you. Best regards, Crina Li (MSFT) Microsoft CSS Online Newsgroup Support Get Secure! - www.microsoft.com/security ===================================================== This newsgroup only focuses on SBS technical issues. If you have issues regarding other Microsoft products, you'd better post in the corresponding newsgroups so that they can be resolved in an efficient and timely manner. You can locate the newsgroup here: http://www.microsoft.com/communities/newsgroups/en-us/default.aspx When opening a new thread via the web interface, we recommend you check the "Notify me of replies" box to receive e-mail notifications when there are any updates in your thread. When responding to posts via your newsreader, please "Reply to Group" so that others may learn and benefit from your issue. Microsoft engineers can only focus on one issue per thread. Although we provide other information for your reference, we recommend you post different incidents in different threads to keep the thread clean. In doing so, it will ensure your issues are resolved in a timely manner. For urgent issues, you may want to contact Microsoft CSS directly. Please check http://support.microsoft.com for regional support phone numbers. Any input or comments in this thread are highly appreciated. ===================================================== This posting is provided "AS IS" with no warranties, and confers no rights. -------------------- | Thread-Topic: ISA 2004 cisco SSL vpn client | thread-index: Acah1DThcMjMJc4CSB26JOX07pqjLA== | X-WBNR-Posting-Host: 208.33.47.68 | From: =?Utf-8?B?T3N3YWxkbw==?= <Oswaldo(a)discussions.microsoft.com> | References: <u$97GScfGHA.4852(a)TK2MSFTNGP05.phx.gbl> <W3yb27NoGHA.2028(a)TK2MSFTNGXA01.phx.gbl> <CE543673-D801-4FD2-9BFC-F36FC1422480(a)microsoft.com> <SDZNvqaoGHA.6028(a)TK2MSFTNGXA01.phx.gbl> | Subject: RE: ISA 2004 cisco SSL vpn client | Date: Fri, 7 Jul 2006 07:47:01 -0700 | Lines: 214 | Message-ID: <25D6F0EA-6F60-4CB4-BDEF-604E7E6F6D1C(a)microsoft.com> | MIME-Version: 1.0 | Content-Type: text/plain; | charset="Utf-8" | Content-Transfer-Encoding: 7bit | X-Newsreader: Microsoft CDO for Windows 2000 | Content-Class: urn:content-classes:message | Importance: normal | Priority: normal | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830 | Newsgroups: microsoft.public.windows.server.sbs | Path: TK2MSFTNGXA01.phx.gbl | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:279789 | NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250 | X-Tomcat-NG: microsoft.public.windows.server.sbs | | Crina, | Other question, what should I put on the prefered and alternate DNS server | on the properties of the LAN connection? Should I put the Internal IP of the | ISA server or the DNS from my ISP? | Thanks a lot | Oswaldo | -- | Oswaldo Cortes | | | ""Crina Li"" wrote: | | > Hi Oswaldo, | > | > Thanks for your updates. | > | > SecureNAT means you need to configure the internal IP of the ISA server as | > client's default gateway. For your issue, I also recommend you to involve | > the Cisco support. Some settings on the VPN client or the server could also | > affect the VPN connection through a firewall. | > | > Thanks for your time and I look forward to hearing from you. | > | > Best regards, | > | > Crina Li (MSFT) | > | > Microsoft CSS Online Newsgroup Support | > | > Get Secure! - www.microsoft.com/security | > | > ===================================================== | > This newsgroup only focuses on SBS technical issues. If you have issues | > regarding other Microsoft products, you'd better post in the corresponding | > newsgroups so that they can be resolved in an efficient and timely manner. | > You can locate the newsgroup here: | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx | > | > When opening a new thread via the web interface, we recommend you check the | > "Notify me of replies" box to receive e-mail notifications when there are | > any updates in your thread. When responding to posts via your newsreader, | > please "Reply to Group" so that others may learn and benefit from your | > issue. | > | > Microsoft engineers can only focus on one issue per thread. Although we | > provide other information for your reference, we recommend you post | > different incidents in different threads to keep the thread clean. In doing | > so, it will ensure your issues are resolved in a timely manner. | > | > For urgent issues, you may want to contact Microsoft CSS directly. Please | > check http://support.microsoft.com for regional support phone numbers. | > | > Any input or comments in this thread are highly appreciated. | > | > ===================================================== | > | > This posting is provided "AS IS" with no warranties, and confers no rights. | > --------------
From: Oswaldo on 10 Jul 2006 11:18 Hi Crina, I followed you instructions to add the default gateway and checked all the settings on the Server and Client computers and they are correct, but I can't make it work yet. When I disable the Firewall Client and clear the proxy setting on IE, I can't connect to any website. I always get Error Code: 403 Forbidden. The ISA Server denied the specified Uniform Resource Locator (URL). (1220) If I put the proxy information I can see the websites but I get the same error on the VPN. I think that my problem is that I have to create some access rules to allow the access to the External Network but I already created a rule to allow the protocols IKE Client port 500, IPsec port 4500 and Port 10000 from Internal to External but it's not working do you have any ideas? I contacted the IT deparment of the company that I am trying to connect with the VPN and told me that they don't know much about ISA and that this: We are setup for NAT-T, we are setup for Remote Access on the tunnel type. I don't have a option for Transparent unless I'm doing a Lan-to-Lan tunnel. This isn't a Lan-to-Lan. So they aren't helping that much. Thanks a lot for your help and I will be waiting for your comments. Regards, -- Oswaldo Cortes ""Crina Li"" wrote: > Hi Oswaldo, > > Thanks for your update. > > You do not need to stop using DHCP and assign a static IP to the machine. > You can configure as following: > > 1. Right click My Network Places and select Properties. > 2. Right click Local Area Connection and select Properties. > 3. High light TCP/IP and click Properties. > 4. On General tab click Advanced button. > 5. Add the internal NIC of ISA in Default gateways column in IP Settings > tab. > > You also do not need to uninstall Firewall Client and can only stop it. > > I also recommend you to involve the Cisco support. Some settings on the VPN > client or the server could also affect the VPN connection through a > firewall. And you may need to know which protocols and ports needed to be > used. > > For another issue, for 2 NICs on SBS, you may need to configure your SBS > and client computer as following: > > On SBS server: > > External NIC: > IP: assigned by your ISP or your hardware router > Gateway: your ISP or your Hardware router IP > DNS: SBS INTERNAL NIC IP as the only entry > > Internal NIC: > IP: Fixed IP > Gateway: None > DNS: SBS INTERNAL NIC IP as the only entry > > In the DNS console (dnsmgmt.msc), right click your ServerName and click > properties. In the Forwarders tab, your ISP DNS server IP should be > inputted there. > > On workstation inside your SBS local subnet > > IP: Assigned by DHCP on SBS > Gateway: SBS internal NIC IP > DNS: SBS INTERNAL NIC IP as the only entry > > I appreciate your time and look forward to hearing from you. > > Best regards, > > Crina Li (MSFT) > > Microsoft CSS Online Newsgroup Support > > Get Secure! - www.microsoft.com/security > > ===================================================== > This newsgroup only focuses on SBS technical issues. If you have issues > regarding other Microsoft products, you'd better post in the corresponding > newsgroups so that they can be resolved in an efficient and timely manner. > You can locate the newsgroup here: > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx > > When opening a new thread via the web interface, we recommend you check the > "Notify me of replies" box to receive e-mail notifications when there are > any updates in your thread. When responding to posts via your newsreader, > please "Reply to Group" so that others may learn and benefit from your > issue. > > Microsoft engineers can only focus on one issue per thread. Although we > provide other information for your reference, we recommend you post > different incidents in different threads to keep the thread clean. In doing > so, it will ensure your issues are resolved in a timely manner. > > For urgent issues, you may want to contact Microsoft CSS directly. Please > check http://support.microsoft.com for regional support phone numbers. > > Any input or comments in this thread are highly appreciated. > > ===================================================== > > This posting is provided "AS IS" with no warranties, and confers no rights. > -------------------- > | Thread-Topic: ISA 2004 cisco SSL vpn client > | thread-index: Acah1DThcMjMJc4CSB26JOX07pqjLA== > | X-WBNR-Posting-Host: 208.33.47.68 > | From: =?Utf-8?B?T3N3YWxkbw==?= <Oswaldo(a)discussions.microsoft.com> > | References: <u$97GScfGHA.4852(a)TK2MSFTNGP05.phx.gbl> > <W3yb27NoGHA.2028(a)TK2MSFTNGXA01.phx.gbl> > <CE543673-D801-4FD2-9BFC-F36FC1422480(a)microsoft.com> > <SDZNvqaoGHA.6028(a)TK2MSFTNGXA01.phx.gbl> > | Subject: RE: ISA 2004 cisco SSL vpn client > | Date: Fri, 7 Jul 2006 07:47:01 -0700 > | Lines: 214 > | Message-ID: <25D6F0EA-6F60-4CB4-BDEF-604E7E6F6D1C(a)microsoft.com> > | MIME-Version: 1.0 > | Content-Type: text/plain; > | charset="Utf-8" > | Content-Transfer-Encoding: 7bit > | X-Newsreader: Microsoft CDO for Windows 2000 > | Content-Class: urn:content-classes:message > | Importance: normal > | Priority: normal > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830 > | Newsgroups: microsoft.public.windows.server.sbs > | Path: TK2MSFTNGXA01.phx.gbl > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:279789 > | NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250 > | X-Tomcat-NG: microsoft.public.windows.server.sbs > | > | Crina, > | Other question, what should I put on the prefered and alternate DNS > server > | on the properties of the LAN connection? Should I put the Internal IP of > the > | ISA server or the DNS from my ISP? > | Thanks a lot > | Oswaldo > | -- > | Oswaldo Cortes > | > | > | ""Crina Li"" wrote: > | > | > Hi Oswaldo, > | > > | > Thanks for your updates. > | > > | > SecureNAT means you need to configure the internal IP of the ISA server > as > | > client's default gateway. For your issue, I also recommend you to > involve > | > the Cisco support. Some settings on the VPN client or the server could > also > | > affect the VPN connection through a firewall. > | > > | > Thanks for your time and I look forward to hearing from you. > | > > | > Best regards, > | > > | > Crina Li (MSFT) > | > >
From: "Jenny wu [MSFT]" on 12 Jul 2006 11:41 Hi Oswaldo, Thanks for your update! I am jenny and I am backup of Brandy for she is now taking sick leave. I will continue work with you till she come back. I am really sorry for the inconvenience that brings to you. Based on my experience, the problem may occur if authentication is required in the access rule which allows traffic from Local Host to External. Basically it's recommended that we enable proxy on not only the internal clients but also the ISA firewall itself. It is for both performance and flexibility consideration. If you don't want to enable proxy on the ISA server itself, I suggest you try the following steps to solve the issue: 1. Please open the ISA management console, navigate to Firewall Policy, right click "Firewall Policy" and click New->Access Rule, then create a new access rule as following: Rule name: Allow Local Host access Internet Rule Action: Allow Protocols: All Outbound Traffic Sources: Local Host (The built-in network object) Destination: External User Sets: All Users Then move this rule to the top and click Apply to save all the settings. 2. Then please open the ISA2004 Management Console, in the left panel, expand to Configuration->Networks. Under "Networks panel", double click "Internal". Switch to "Web Proxy" panel, click "Authentication" and then uncheck the "Require all users to authenticate" option. Then click the Apply button to save the changes. After performing the above steps, please test the issue again, what is the result? Thanks for your time and cooperation. Please let me know if you have any questions or concerns. Have a nice day! Sincerely, Jenny Wu Microsoft CSS Online Newsgroup Support Get Secure! - www.microsoft.com/security ====================================================== This newsgroup only focuses on SBS technical issues. If you have issues regarding other Microsoft products, you'd better post in the corresponding newsgroups so that they can be resolved in an efficient and timely manner. You can locate the newsgroup here: http://www.microsoft.com/communities/newsgroups/en-us/default.aspx When opening a new thread via the web interface, we recommend you check the "Notify me of replies" box to receive e-mail notifications when there are any updates in your thread. When responding to posts via your newsreader, please "Reply to Group" so that others may learn and benefit from your issue. Microsoft engineers can only focus on one issue per thread. Although we provide other information for your reference, we recommend you post different incidents in different threads to keep the thread clean. In doing so, it will ensure your issues are resolved in a timely manner. For urgent issues, you may want to contact Microsoft CSS directly. Please check http://support.microsoft.com for regional support phone numbers. Any input or comments in this thread are highly appreciated. ====================================================== This posting is provided "AS IS" with no warranties, and confers no rights. -------------------- >Thread-Topic: ISA 2004 cisco SSL vpn client >thread-index: AcakNAkPSf2E3xJiRe6B5eU2KpJSLQ== >X-WBNR-Posting-Host: 208.33.47.68 >From: =?Utf-8?B?T3N3YWxkbw==?= <Oswaldo(a)discussions.microsoft.com> >References: <u$97GScfGHA.4852(a)TK2MSFTNGP05.phx.gbl> <W3yb27NoGHA.2028(a)TK2MSFTNGXA01.phx.gbl> <CE543673-D801-4FD2-9BFC-F36FC1422480(a)microsoft.com> <SDZNvqaoGHA.6028(a)TK2MSFTNGXA01.phx.gbl> <25D6F0EA-6F60-4CB4-BDEF-604E7E6F6D1C(a)microsoft.com> <pGsSPA$oGHA.2028(a)TK2MSFTNGXA01.phx.gbl> >Subject: RE: ISA 2004 cisco SSL vpn client >Date: Mon, 10 Jul 2006 08:18:02 -0700 >Lines: 328 >Message-ID: <441134E9-62C9-4323-B15B-BC8DA888F4DE(a)microsoft.com> >MIME-Version: 1.0 >Content-Type: text/plain; > charset="Utf-8" >Content-Transfer-Encoding: 7bit >X-Newsreader: Microsoft CDO for Windows 2000 >Content-Class: urn:content-classes:message >Importance: normal >Priority: normal >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830 >Newsgroups: microsoft.public.windows.server.sbs >Path: TK2MSFTNGXA01.phx.gbl >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:280256 >NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250 >X-Tomcat-NG: microsoft.public.windows.server.sbs > >Hi Crina, >I followed you instructions to add the default gateway and checked all the >settings on the Server and Client computers and they are correct, but I can't >make it work yet. When I disable the Firewall Client and clear the proxy >setting on IE, I can't connect to any website. I always get >Error Code: 403 Forbidden. The ISA Server denied the specified Uniform >Resource Locator (URL). (1220) >If I put the proxy information I can see the websites but I get the same >error on the VPN. >I think that my problem is that I have to create some access rules to allow >the access to the External Network but I already created a rule to allow the >protocols IKE Client port 500, IPsec port 4500 and Port 10000 from Internal >to External but it's not working do you have any ideas? >I contacted the IT deparment of the company that I am trying to connect with >the VPN and told me that they don't know much about ISA and that this: >We are setup for NAT-T, we are setup for Remote Access on the tunnel type. >I don't have a option for Transparent unless I'm doing a Lan-to-Lan tunnel. >This isn't a Lan-to-Lan. >So they aren't helping that much. >Thanks a lot for your help and I will be waiting for your comments. >Regards, > >-- >Oswaldo Cortes > > >""Crina Li"" wrote: > >> Hi Oswaldo, >> >> Thanks for your update. >> >> You do not need to stop using DHCP and assign a static IP to the machine. >> You can configure as following: >> >> 1. Right click My Network Places and select Properties. >> 2. Right click Local Area Connection and select Properties. >> 3. High light TCP/IP and click Properties. >> 4. On General tab click Advanced button. >> 5. Add the internal NIC of ISA in Default gateways column in IP Settings >> tab. >> >> You also do not need to uninstall Firewall Client and can only stop it. >> >> I also recommend you to involve the Cisco support. Some settings on the VPN >> client or the server could also affect the VPN connection through a >> firewall. And you may need to know which protocols and ports needed to be >> use
From: Oswaldo on 12 Jul 2006 16:02 Hi Jenny, After we tried all the suggestions that you gave us, the company that is providing the VPN contacted Cisco and they told them that if we are using ISA server on Proxy mode the SSL probably won?t work. So they send me the client software and I am making a direct connection to their system and seems to be working fine. Thank you very much for all your help. Regards, -- Oswaldo Cortes ""Jenny wu [MSFT]"" wrote: > Hi Oswaldo, > > Thanks for your update! I am jenny and I am backup of Brandy for she is now > taking sick leave. I will continue work with you till she come back. I am > really sorry for the inconvenience that brings to you. > > Based on my experience, the problem may occur if authentication is required > in the access rule which allows traffic from Local Host to External. > Basically it's recommended that we enable proxy on not only the internal > clients but also the ISA firewall itself. It is for both performance and > flexibility consideration. If you don't want to enable proxy on the ISA > server itself, I suggest you try the following steps to solve the issue: > > 1. Please open the ISA management console, navigate to Firewall Policy, > right click "Firewall Policy" and click New->Access Rule, then create a new > access rule as following: > > Rule name: Allow Local Host access Internet > Rule Action: Allow > Protocols: All Outbound Traffic > Sources: Local Host (The built-in network object) > Destination: External > User Sets: All Users > > Then move this rule to the top and click Apply to save all the settings. > > 2. Then please open the ISA2004 Management Console, in the left panel, > expand to Configuration->Networks. Under "Networks panel", double click > "Internal". Switch to "Web Proxy" panel, click "Authentication" and then > uncheck the "Require all users to authenticate" option. Then click the > Apply button to save the changes. > > After performing the above steps, please test the issue again, what is the > result? > > Thanks for your time and cooperation. Please let me know if you have any > questions or concerns. > > Have a nice day! > > Sincerely, > > Jenny Wu > Microsoft CSS Online Newsgroup Support > Get Secure! - www.microsoft.com/security > ====================================================== > This newsgroup only focuses on SBS technical issues. If you have issues > regarding other Microsoft products, you'd better post in the corresponding > newsgroups so that they can be resolved in an efficient and timely manner. > You can locate the newsgroup here: > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx > > When opening a new thread via the web interface, we recommend you check the > "Notify me of replies" box to receive e-mail notifications when there are > any updates in your thread. When responding to posts via your newsreader, > please "Reply to Group" so that others may learn and benefit from your > issue. > > Microsoft engineers can only focus on one issue per thread. Although we > provide other information for your reference, we recommend you post > different incidents in different threads to keep the thread clean. In doing > so, it will ensure your issues are resolved in a timely manner. > > For urgent issues, you may want to contact Microsoft CSS directly. Please > check http://support.microsoft.com for regional support phone numbers. > > Any input or comments in this thread are highly appreciated. > ====================================================== > This posting is provided "AS IS" with no warranties, and confers no rights. > > -------------------- > >Thread-Topic: ISA 2004 cisco SSL vpn client > >thread-index: AcakNAkPSf2E3xJiRe6B5eU2KpJSLQ== > >X-WBNR-Posting-Host: 208.33.47.68 > >From: =?Utf-8?B?T3N3YWxkbw==?= <Oswaldo(a)discussions.microsoft.com> > >References: <u$97GScfGHA.4852(a)TK2MSFTNGP05.phx.gbl> > <W3yb27NoGHA.2028(a)TK2MSFTNGXA01.phx.gbl> > <CE543673-D801-4FD2-9BFC-F36FC1422480(a)microsoft.com> > <SDZNvqaoGHA.6028(a)TK2MSFTNGXA01.phx.gbl> > <25D6F0EA-6F60-4CB4-BDEF-604E7E6F6D1C(a)microsoft.com> > <pGsSPA$oGHA.2028(a)TK2MSFTNGXA01.phx.gbl> > >Subject: RE: ISA 2004 cisco SSL vpn client > >Date: Mon, 10 Jul 2006 08:18:02 -0700 > >Lines: 328 > >Message-ID: <441134E9-62C9-4323-B15B-BC8DA888F4DE(a)microsoft.com> > >MIME-Version: 1.0 > >Content-Type: text/plain; > > charset="Utf-8" > >Content-Transfer-Encoding: 7bit > >X-Newsreader: Microsoft CDO for Windows 2000 > >Content-Class: urn:content-classes:message > >Importance: normal > >Priority: normal > >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830 > >Newsgroups: microsoft.public.windows.server.sbs > >Path: TK2MSFTNGXA01.phx.gbl > >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:280256 > >NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250 > >X-Tomcat-NG: microsoft.public.windows.server.sbs > > > >Hi Crina, > >I followed you instructions to add the default gateway and checked all the > >settings on the Server and Client computers and they are correct, but I > can't > >make it work yet. When I disable the Firewall Client and clear the proxy > >setting on IE, I can't connect to any website. I always get > >Error Code: 403 Forbidden. The ISA Server denied the specified Uniform > >Resource Locator (URL). (1220) > >If I put the proxy information I can see the websites but I get the same > >error on the VPN. > >I think that my problem is that I have to create some access rules to > allow > >the access to the External Network but I already created a rule to allow > the > >protocols IKE Client port 500, IPsec port 4500 and Port 10000 from > Internal > >to External but it's not working do you have any ideas? > >I contacted the IT deparment of the company that I am trying to connect > with > >the VPN and told me that they don't know much about ISA and that this: > >We are setup for NAT-T, we are setup for Remote Access on the tunnel type. > > >I don't have a option for Transparent unless I'm doing a Lan-to-Lan > tunnel. > >This isn't a Lan-to-Lan. > >So they aren't helping that much. > >Thanks a lot for your help and I will be waiting for your comments. > >Regards, > > > >-- > >Oswaldo Cortes > > > > > >""Crina Li"" wrote: > > > >> Hi Oswaldo, > >> > >> Thanks for your update. > >> > >> You do not need to stop usin
First
|
Prev
|
Next
|
Last
Pages: 1 2 3 Prev: DCOM error Next: Sender ID Filtering vs. SBS Fax Server |