Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation.

ISA Server 2004 firewall clients that use IPSec in the internal network cannot access external networks



Symptoms

If the following conditions are true, computers that use the Microsoft Internet Security and Acceleration (ISA) Server 2004 firewall client on an internal network cannot access the external network:
  • You are using IPSec to encrypt data in the internal network.
  • You are using Network Address Translation (NAT) on the ISA Server 2004-based server so internal clients can connect to an external network.



Workaround

To work around this behavior, turn off IP routing on the ISA Server 2004-based server. To do this, follow these steps:
  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Server Management.
  2. In the ISA Server 2004 Management console, expand ISA Server 2004-based server.
  3. Expand Configuration, and then click General.
  4. In the right pane of the ISA Server 2004 Management console, click Define IP Preferences under Additional Security Policy.
  5. In the IP Preferences box, click the IP Routing tab.
  6. Click to clear the Enable IP routing check box, and then click OK.



Status

This behavior is by design.



More information

Although IP routing improves network performance, you may want to turn off IP routing to help improve network security.



Keywords: KB838379, kbprb


Article Info
Article ID : 838379
Revision : 4
Created on : 7/16/2004
Published on : 7/16/2004
Exists online : False