firewall bypassing problem

[anwar adil]

the senerio i hav made is this

192.168.10.x
192.168.0.x
-----internet ------------[nat device]-------------------[isa
server]-------------------
public ip private ip
LAN users



the problem i am having is this .... as all my users r located on
192.168.0.x network and isa is the default gateway for them.....bt some of
the users put 192.168.10.X ip address on there computer with
192.168.10.2(gateway for 10.x)network .so tht they r now on 10.x network
which results in bypass isa server firewall.

pls tell me is there anyway i can stop this.


ANWAR ADIL

CCNA , MCP

 

[Mike Shepperd]

Don't let your users have admministrative access on their workstations. If
they can't change their IP address, then they'll be on the subnet you want
them on, using the default gateway you want them to use, putting all traffic
through the ISA firewall.

 

[anwar adil]

thank u mike for ur reply.. bt in my case i have to give admin. rights to my
users... is there anyother way i can control this problem?

Don't let your users have admministrative access on their workstations. If
they can't change their IP address, then they'll be on the subnet you want
them on, using the default gateway you want them to use, putting all traffic
through the ISA firewall.

--
Mike Shepperd
MCSE NT4, 2000, 2003
NewFuture Consulting
Seattle, Washington

the senerio i hav made is this

192.168.10.x
192.168.0.x
-----internet ------------[nat device]-------------------[isa
server]-------------------
public ip private ip
LAN users



the problem i am having is this .... as all my users r located on
192.168.0.x network and isa is the default gateway for them.....bt some of
the users put 192.168.10.X ip address on there computer with
192.168.10.2(gateway for 10.x)network .so tht they r now on 10.x network
which results in bypass isa server firewall.

pls tell me is there anyway i can stop this.


ANWAR ADIL

CCNA , MCP

 

[Mike Shepperd]

If the user is the admin on the local machine, there's not a lot you can do,
unless you can modify the actual gateways so that all traffic goes through
the ISA server... The diagram you put up earlier, didn't come through
clearly so I'm not sure why the 10.x network gateway is accessible to the
users, if it shouldn't be, maybe you can use a VLAN or physically separate
the networks... Sounds like you've got smart users who have not only the
power to set whatever they want on their machines, but also the curiosity to
find their way around any simple road blocks... That may be the bigger
issue.

--
Mike Shepperd
MCSE NT4, 2000, 2003
NewFuture Consulting
Seattle, Washington

thank u mike for ur reply.. bt in my case i have to give admin. rights to
my
users... is there anyother way i can control this problem?

Don't let your users have admministrative access on their workstations. If
they can't change their IP address, then they'll be on the subnet you
want
them on, using the default gateway you want them to use, putting all traffic
through the ISA firewall.

--
Mike Shepperd
MCSE NT4, 2000, 2003
NewFuture Consulting
Seattle, Washington

the senerio i hav made is this

192.168.10.x
192.168.0.x
-----internet ------------[nat device]-------------------[isa
server]-------------------
public ip private ip
LAN users



the problem i am having is this .... as all my users r located on
192.168.0.x network and isa is the default gateway for them.....bt some of
the users put 192.168.10.X ip address on there computer with
192.168.10.2(gateway for 10.x)network .so tht they r now on 10.x
network
which results in bypass isa server firewall.

pls tell me is there anyway i can stop this.


ANWAR ADIL

CCNA , MCP