Home | Windows 2003 | Windows XP | Windows 2000 | Books | Tests | Link Exchange
Google
 
 
SolutionsCompanyCatalogNews
Microsoft Windows Server 2003 Microsoft Windows 2000 Microsoft Windows XP
CCNA
CCNP
CCSP
CCIE
A+
MCSE

Active Directory
Backup
Certificate Service
Compatibilities
Desktop Environment
DFS
DHCP
DNS
Domains
Exchange Outlook
File Systems
Group Policy
IIS
Installations
Internet Explorer
ISA
Mobile Wireless
Multimedia
Netware
Network
Printing
RAID
RAS
Recovery
Security
Service Packs
System Configurations
TCP / IP
Terminal Services
Utilities
Windows Server 2000
Windows XP
Link Exchange  
  ISA

  
Can I install the ISA firewall client on the ISA Server?

No, the Internet Security and Acceleration (ISA) Server 2000 doesn't support this configuration (although I've seen it work). Granted, this approach seems like the logical solution to the problem that all the ISA clients can see the Internet resources via the ISA Server but the ISA Server itself can't view anything. However, you shouldn't install the client on the server.

Instead, to grant the ISA Server access to resources, you must configure packet filters. For example, if you want to allow outbound Web server access, create a packet filter that allows outbound requests to TCP 80.

How do I configure ISA to automatically dial out via RAS?

If you expand your ISA array, expand Network Configuration and select Routing you will see a "Default rule". If you right click on the default rule and select Properties and select the Action tab you will see 'Automatically dial out' but none of your entries are shown.

You first need to run a VBS script which is in the \sdk\samples\admin\scripts folder of the ISA CD called Add_DOD.vbs however you will need to edit it first.

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'
' Copyright (c) 2000 Microsoft Corporation. All rights reserved.
'
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' This script will add new Dialup Entry and set the Dialup Entry Credentials.
' After that the script will set one Routing rule to use the new Dialup Entry
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

Sub SetDialupEntry()
Set ISA = CreateObject("FPC.Root")
ISA.Refresh
Set Arrays = ISA.Arrays

arrayname = InputBox("Please enter the array name, or for the first array:")

If arrayname = "" Then
Set arr = Arrays(1)
Else
' Look for the specified array
On Error Resume Next
Set arr = Arrays(arrayname)

If Err.Number <> 0 Then
MsgBox "The array specified array was not found"
Exit Sub
End If
End If


'Add Dialup Entry
Set objDialupEntry = Arr.PolicyElements.DialupEntries.Add ("ISA_DISPLAY", "RAS_ENTRY")
'Set the Dialup entry credentials
objDialupEntry.Credentials.UserName = "UserName" 'Enter here your username
objDialupEntry.Credentials.Password = "Password" 'Enter here your password
objDialupEntry.AuthenticationEnabled = True
Arr.Save

Arr.Refresh

'Select routing rule and set the Autodial to the added Dialup Entry
Set objRoutingRule= arr.NetworkConfiguration.RoutingRules(1)
objRoutingRule.PrimaryRoute.AutoDialOut.SetAutoDial True,"ISA_DISPLAY"
objRoutingRule.Save

MsgBox "Done"
End Sub

SetDialupEntry

You need to change the items in Purple. The first, ISA_DISPLAY should be the display name as it should be displayed in ISA, the next is the actual RAS entry name. Set the correct connection username and password. Finally set the autodialout to the dialout entry name.

Now double click the VBS file, you will be asked for the array (just press Enter).

Once done it should be selected under the Default Rule.

If you have any problems and want to remove the dial up entries run Remove_Unused_DialupEntries.vbs script in the same directory and try again!

How do I disable packet filters for ISA?

This is not advisable, you should define filters for all the traffic you wish to allow however if you want to try something quickly you can just disable the filter as follows:

  1. Start the ISA Admin tool (Start - Programs - Microsoft ISA Server - ISA Administration Tool)
  2. Expand the Arrays, the specific array, Access Policy
  3. Right click IP Packet Filters
  4. Select Properties
  5. Unselect 'Enable packet filtering'
  6. Click OK

To enable again perform the above but in step 5 you would select rather than unselect.

Next >>
Free advertising
Home / Privacy Policy / Contact Us
© Copyrights 2009 Windows Certification by Windows Highway® All rights reserved