Internet Connection Sharing

Ok I have a bit of a simple question. Basically I have a network of about
35 Win2k Pc's and 2 Win2k servers. I also have a Firewall/Router connected
to the network which provides the internet connection.

I'm using static IP's (required by some software we use). Basically for the
users that are allowed internet access I simply enter the gateway & DNS
entries. This works fine and I have no problems with it.

However the Firewall/Router doesn't generate logs of internet access, or the
domains accessed. My question is basically, how can I give access to the
users of my network and log their activities?!

I also have a small Netgear RP-114 router from an old (and much smaller)
network setup, which provides the logs that I need! However it won't work
being connected into the LAN twice!!

I've tried Internet Connection Sharing on both a server and workstation but
obviously it will not work sharing the internet connection on the network it
exists on!

Confusion sets in! Any help appreciated

I have a hardware firewall but unfortunatly it doesn't supply logs on
domains accessed etc.

Am I able to install ISA server on a member server or must it be on the DC?
Also would that cure my problem of basically using one network connection ?
Sorry I can't explain my problem very well!

"Paul King" <kin0363k@hotmail.com> wrote in message
news:%23tpJso8PDHA.2832@TK2MSFTNGP10.phx.gbl...
> Personally I would either employ one of your 2 servers to become an ISA
> server or get a good firewall like Watchguard FB III which has policies
and
> logging by default.
>
> Regards
> Paul.
>
> "TDT" <tdt@tinyanimal.co.uk> wrote in message
> news:w6dMa.73$eG4.15389@newsfep2-gui.server.ntli.net...
> > Ok I have a bit of a simple question. Basically I have a network of
about
> > 35 Win2k Pc's and 2 Win2k servers. I also have a Firewall/Router
> connected
> > to the network which provides the internet connection.
> >
> > I'm using static IP's (required by some software we use). Basically for
> the
> > users that are allowed internet access I simply enter the gateway & DNS
> > entries. This works fine and I have no problems with it.
> >
> > However the Firewall/Router doesn't generate logs of internet access, or
> the
> > domains accessed. My question is basically, how can I give access to
the
> > users of my network and log their activities?!
> >
> > I also have a small Netgear RP-114 router from an old (and much smaller)
> > network setup, which provides the logs that I need! However it won't
work
> > being connected into the LAN twice!!
> >
> > I've tried Internet Connection Sharing on both a server and workstation
> but
> > obviously it will not work sharing the internet connection on the
network
> it
> > exists on!
> >
> > Confusion sets in! Any help appreciated
> >
> >
>
>

Well lets just say ISA is a comprehensive solution and one that has to be
planned very well. You are right to say ISA has to be on the DC within
Active Directory.

The issue is that your clients are using the router/firewall as your default
gateway and therefore all local hops go through this device bypassing any
other devices you have on the network. ISA works basically as a gateway and
therefore all activity is logged. I'm really surprised that your
router/firewall doesn't have any logging capabilities.

I have installed a Firebox which allows you to setup groups on the firewall
and enable logging for those groups - so I know exactly what comes in and
out of the network

Unfortunately my friend this is not a simple solution, and one that cannot
really be solved by employing a 3rd party solution as you have many machines
on the LAN. The only thing that comes close is Norton Internet Security
(NIS) - but this only logs the activity of one machine and you would have to
purchase loads of licenses.

Regards
Paul.


"TDT" <tdt@tinyanimal.co.uk> wrote in message
news:gdfMa.107$eG4.24489@newsfep2-gui.server.ntli.net...
> I have a hardware firewall but unfortunatly it doesn't supply logs on
> domains accessed etc.
>
> Am I able to install ISA server on a member server or must it be on the
DC?
> Also would that cure my problem of basically using one network connection
?
> Sorry I can't explain my problem very well!
>
> "Paul King" <kin0363k@hotmail.com> wrote in message
> news:%23tpJso8PDHA.2832@TK2MSFTNGP10.phx.gbl...
> > Personally I would either employ one of your 2 servers to become an ISA
> > server or get a good firewall like Watchguard FB III which has policies
> and
> > logging by default.
> >
> > Regards
> > Paul.
> >
> > "TDT" <tdt@tinyanimal.co.uk> wrote in message
> > news:w6dMa.73$eG4.15389@newsfep2-gui.server.ntli.net...
> > > Ok I have a bit of a simple question. Basically I have a network of
> about
> > > 35 Win2k Pc's and 2 Win2k servers. I also have a Firewall/Router
> > connected
> > > to the network which provides the internet connection.
> > >
> > > I'm using static IP's (required by some software we use). Basically
for
> > the
> > > users that are allowed internet access I simply enter the gateway &
DNS
> > > entries. This works fine and I have no problems with it.
> > >
> > > However the Firewall/Router doesn't generate logs of internet access,
or
> > the
> > > domains accessed. My question is basically, how can I give access to
> the
> > > users of my network and log their activities?!
> > >
> > > I also have a small Netgear RP-114 router from an old (and much
smaller)
> > > network setup, which provides the logs that I need! However it won't
> work
> > > being connected into the LAN twice!!
> > >
> > > I've tried Internet Connection Sharing on both a server and
workstation
> > but
> > > obviously it will not work sharing the internet connection on the
> network
> > it
> > > exists on!
> > >
> > > Confusion sets in! Any help appreciated
> > >
> > >
> >
> >
>
>

ISA server does NOT have to be on a Domain Controller. It doesn't even have
to be a member of the domain that you are using it in

--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server

scrockel@***No_SPAM***hotmail.com
"Paul King" <kin0363k@hotmail.com> wrote in message
news:#NlZ148PDHA.2768@tk2msftngp13.phx.gbl...
> Well lets just say ISA is a comprehensive solution and one that has to be
> planned very well. You are right to say ISA has to be on the DC within
> Active Directory.
>
> The issue is that your clients are using the router/firewall as your
default
> gateway and therefore all local hops go through this device bypassing any
> other devices you have on the network. ISA works basically as a gateway
and
> therefore all activity is logged. I'm really surprised that your
> router/firewall doesn't have any logging capabilities.
>
> I have installed a Firebox which allows you to setup groups on the
firewall
> and enable logging for those groups - so I know exactly what comes in and
> out of the network
>
> Unfortunately my friend this is not a simple solution, and one that cannot
> really be solved by employing a 3rd party solution as you have many
machines
> on the LAN. The only thing that comes close is Norton Internet Security
> (NIS) - but this only logs the activity of one machine and you would have
to
> purchase loads of licenses.
>
> Regards
> Paul.
>
>
> "TDT" <tdt@tinyanimal.co.uk> wrote in message
> news:gdfMa.107$eG4.24489@newsfep2-gui.server.ntli.net...
> > I have a hardware firewall but unfortunatly it doesn't supply logs on
> > domains accessed etc.
> >
> > Am I able to install ISA server on a member server or must it be on the
> DC?
> > Also would that cure my problem of basically using one network
connection
> ?
> > Sorry I can't explain my problem very well!
> >
> > "Paul King" <kin0363k@hotmail.com> wrote in message
> > news:%23tpJso8PDHA.2832@TK2MSFTNGP10.phx.gbl...
> > > Personally I would either employ one of your 2 servers to become an
ISA
> > > server or get a good firewall like Watchguard FB III which has
policies
> > and
> > > logging by default.
> > >
> > > Regards
> > > Paul.
> > >
> > > "TDT" <tdt@tinyanimal.co.uk> wrote in message
> > > news:w6dMa.73$eG4.15389@newsfep2-gui.server.ntli.net...
> > > > Ok I have a bit of a simple question. Basically I have a network of
> > about
> > > > 35 Win2k Pc's and 2 Win2k servers. I also have a Firewall/Router
> > > connected
> > > > to the network which provides the internet connection.
> > > >
> > > > I'm using static IP's (required by some software we use). Basically
> for
> > > the
> > > > users that are allowed internet access I simply enter the gateway &
> DNS
> > > > entries. This works fine and I have no problems with it.
> > > >
> > > > However the Firewall/Router doesn't generate logs of internet
access,
> or
> > > the
> > > > domains accessed. My question is basically, how can I give access
to
> > the
> > > > users of my network and log their activities?!
> > > >
> > > > I also have a small Netgear RP-114 router from an old (and much
> smaller)
> > > > network setup, which provides the logs that I need! However it
won't
> > work
> > > > being connected into the LAN twice!!
> > > >
> > > > I've tried Internet Connection Sharing on both a server and
> workstation
> > > but
> > > > obviously it will not work sharing the internet connection on the
> > network
> > > it
> > > > exists on!
> > > >
> > > > Confusion sets in! Any help appreciated
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Thanks for you help guys

"Paul King" <kin0363k@hotmail.com> wrote in message
news:%235disCHQDHA.2852@tk2msftngp13.phx.gbl...
> Sorry Scott - I obviously got fed the wrong information. Still, I guess
> this would have have to be acrefully planned onto the existing network.
>
> Cheers
> Paul.
>
> "Scott Harding - MS MVP" <scrockel@**NOSPAM**hotmail.com> wrote in message
> news:%23HzVp1BQDHA.3664@tk2msftngp13.phx.gbl...
> > ISA server does NOT have to be on a Domain Controller. It doesn't even
> have
> > to be a member of the domain that you are using it in
> >
> > --
> > Scott Harding
> > MCSE, MCSA, A+, Network+
> > Microsoft MVP - Windows NT Server
> >
> > scrockel@***No_SPAM***hotmail.com
> > "Paul King" <kin0363k@hotmail.com> wrote in message
> > news:#NlZ148PDHA.2768@tk2msftngp13.phx.gbl...
> > > Well lets just say ISA is a comprehensive solution and one that has to
> be
> > > planned very well. You are right to say ISA has to be on the DC
within
> > > Active Directory.
> > >
> > > The issue is that your clients are using the router/firewall as your
> > default
> > > gateway and therefore all local hops go through this device bypassing
> any
> > > other devices you have on the network. ISA works basically as a
gateway
> > and
> > > therefore all activity is logged. I'm really surprised that your
> > > router/firewall doesn't have any logging capabilities.
> > >
> > > I have installed a Firebox which allows you to setup groups on the
> > firewall
> > > and enable logging for those groups - so I know exactly what comes in
> and
> > > out of the network
> > >
> > > Unfortunately my friend this is not a simple solution, and one that
> cannot
> > > really be solved by employing a 3rd party solution as you have many
> > machines
> > > on the LAN. The only thing that comes close is Norton Internet
Security
> > > (NIS) - but this only logs the activity of one machine and you would
> have
> > to
> > > purchase loads of licenses.
> > >
> > > Regards
> > > Paul.
> > >
> > >
> > > "TDT" <tdt@tinyanimal.co.uk> wrote in message
> > > news:gdfMa.107$eG4.24489@newsfep2-gui.server.ntli.net...
> > > > I have a hardware firewall but unfortunatly it doesn't supply logs
on
> > > > domains accessed etc.
> > > >
> > > > Am I able to install ISA server on a member server or must it be on
> the
> > > DC?
> > > > Also would that cure my problem of basically using one network
> > connection
> > > ?
> > > > Sorry I can't explain my problem very well!
> > > >
> > > > "Paul King" <kin0363k@hotmail.com> wrote in message
> > > > news:%23tpJso8PDHA.2832@TK2MSFTNGP10.phx.gbl...
> > > > > Personally I would either employ one of your 2 servers to become
an
> > ISA
> > > > > server or get a good firewall like Watchguard FB III which has
> > policies
> > > > and
> > > > > logging by default.
> > > > >
> > > > > Regards
> > > > > Paul.
> > > > >
> > > > > "TDT" <tdt@tinyanimal.co.uk> wrote in message
> > > > > news:w6dMa.73$eG4.15389@newsfep2-gui.server.ntli.net...
> > > > > > Ok I have a bit of a simple question. Basically I have a
network
> of
> > > > about
> > > > > > 35 Win2k Pc's and 2 Win2k servers. I also have a
Firewall/Router
> > > > > connected
> > > > > > to the network which provides the internet connection.
> > > > > >
> > > > > > I'm using static IP's (required by some software we use).
> Basically
> > > for
> > > > > the
> > > > > > users that are allowed internet access I simply enter the
gateway
> &
> > > DNS
> > > > > > entries. This works fine and I have no problems with it.
> > > > > >
> > > > > > However the Firewall/Router doesn't generate logs of internet
> > access,
> > > or
> > > > > the
> > > > > > domains accessed. My question is basically, how can I give
access
> > to
> > > > the
> > > > > > users of my network and log their activities?!
> > > > > >
> > > > > > I also have a small Netgear RP-114 router from an old (and much
> > > smaller)
> > > > > > network setup, which provides the logs that I need! However it
> > won't
> > > > work
> > > > > > being connected into the LAN twice!!
> > > > > >
> > > > > > I've tried Internet Connection Sharing on both a server and
> > > workstation
> > > > > but
> > > > > > obviously it will not work sharing the internet connection on
the
> > > > network
> > > > > it
> > > > > > exists on!
> > > > > >
> > > > > > Confusion sets in! Any help appreciated
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>