The issue for my customers was NAT-ing on the network. If you NAT addresses, Site Protector will "see" agent heartbeats as coming from a different address then they really are. In all cases, my customers had their SP in a DMZ that had NAT rules in front of the segment. So, when the agents "pinged" SP for their adaptive profile, SP thought they were coming from the NAT address, not their actual address.
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security
503-644-5656 Office
503-214-8069 Fax
503-201-0821 Mobile
www.anitian.com
___________________________________
From: [EMAIL PROTECTED] on behalf of Andrew Plato
Sent: Sat 1/31/2004 1:06 PM
To: [EMAIL PROTECTED]
Subject: [ISSForum] Problems with adaptive profiles for RS Desktop
I've been working with ISS support on this
issue but they do not have a
solution yet. I have numerous furious customers
so I thought I'd see if
anybody else is experincing these issues.
I
have a whole collection of customers who cannot get Adaptive
Profiles
working. The problem is the VPN group.
The documentation says
to use the external IP of the VPN
concetrator/firewall for the VPN adresses
for the VPN adaptive profile.
But when we use this, it doesn't work. Agents
on VPN connections remain
in default.
So, we tried putting the Virtual
IP range assigned to the VPN clients
into the VPN rules. Nothing, remains in
default.
What's weird, is that when we put the virtual range into corpnet
- the
agent switches into corpnet just fine.
Has anybody seen this
behavior. Do you have ANY
suggestions?
Thanks.
___________________________________
Andrew
Plato, CISSP
President/Principal Consultant
Anitian Enterprise
Security
503-644-5656 Office
503-214-8069 Fax
503-201-0821
Mobile
www.anitian.com
___________________________________
_______________________________________________
ISSForum
mailing list
[EMAIL PROTECTED]
TO UNSUBSCRIBE OR CHANGE YOUR
SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
