Bachinat0r
Technical User
what i would like to be able to do is bypass isa server. there is an ip on my network that i would like to not have to be proxied through the isa to gain access to the internet. is there a way to do this?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
bypassing ISA server
- Thread starter Bachinat0r
- Start date
- Status
You could place a hub between your ISA server and your internet router (DMZ) and connect the device in question to that hub setting the default gateway to the IP of the internet router. This would of course mean that the device would be outside your internal network.
- Thread starter
- #3
Bachinat0r
Technical User
is there a way to keep it on the internal network and just specify that i don't want 1 or a couple ip address on the internal network to not use the isa server?
NSPATCH...
There is a couple of ways to do this:
1. Using the Microsoft Firewall Client
2. NATing the client out.
1. Install the microsoft firewall client on the client PC, after installation there will be an icon in the system tray. Right click this icon > click Configure, then enter the hostname of the ISA server. Click UPDATE NOW. Now in the internet options of your browser, untick ALL options from your browser. Now when you open IE, you should see the icon in the system tray have a green dot on it (which means traffic is passing through).
2. Do you have Cisco routers? If so, you can use Dynamic NAT to allow certain clients directly out on the internet. This requires a bit of config on the cisco router and you will have to create a reservation in DHCP - so the IP Address of the client doesnt keep on changing.
Let me know if option 1 doesnt work and I'll explain option 2 in more detail.
Cheers Carl
There is a couple of ways to do this:
1. Using the Microsoft Firewall Client
2. NATing the client out.
1. Install the microsoft firewall client on the client PC, after installation there will be an icon in the system tray. Right click this icon > click Configure, then enter the hostname of the ISA server. Click UPDATE NOW. Now in the internet options of your browser, untick ALL options from your browser. Now when you open IE, you should see the icon in the system tray have a green dot on it (which means traffic is passing through).
2. Do you have Cisco routers? If so, you can use Dynamic NAT to allow certain clients directly out on the internet. This requires a bit of config on the cisco router and you will have to create a reservation in DHCP - so the IP Address of the client doesnt keep on changing.
Let me know if option 1 doesnt work and I'll explain option 2 in more detail.
Cheers Carl
- Thread starter
- #5
Bachinat0r
Technical User
thanks for your help...i tried step number 1. i installed the microsoft firewall. what i get is that ISA server could not be detected? got any ideas?
Why do want to bypass proxy? Are there any special services you need to access on the internet or is it just that you don't want to cache anything of this IPs session?
Using routing rules you can define a rule which would not cache when specified destinations are visited, for example.
There are just a few services which do not work with ISA, one of them are MSN Messenger's possibility to do video conferencing/audio sessions. This is due to the fact that they do not use H.323 protocol. NetMeeting on the other hand would work, because of its H.323 support. Also, ISA is not UPnP aware, which the XP "firewall" is, and there if you are using the XP Firewall and nothing else, the MSN Messenger and video/audio is no problem.
Cheers
Knutern
Using routing rules you can define a rule which would not cache when specified destinations are visited, for example.
There are just a few services which do not work with ISA, one of them are MSN Messenger's possibility to do video conferencing/audio sessions. This is due to the fact that they do not use H.323 protocol. NetMeeting on the other hand would work, because of its H.323 support. Also, ISA is not UPnP aware, which the XP "firewall" is, and there if you are using the XP Firewall and nothing else, the MSN Messenger and video/audio is no problem.
Cheers
Knutern
- Thread starter
- #7
Bachinat0r
Technical User
basically...i don't want anything from certain IP address on the lan to be logged by the ISA server logs.
Well, any action traversing any ISA service is being logged (except for packet filters, which by default only log blocked packets).
Alternatively, you can choose not to log certain fields, like source and destination IP (W3C log format only).
But then again, this will make it impossible to do proper forensic research. I'd rather suggest you use a second gateway instead, which goes beyond ISA.
Cheers
Knutern
Alternatively, you can choose not to log certain fields, like source and destination IP (W3C log format only).
But then again, this will make it impossible to do proper forensic research. I'd rather suggest you use a second gateway instead, which goes beyond ISA.
Cheers
Knutern
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question