Re: ISA, Internet Access and Branch Office VPN

"Jeff" <Jeff@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:940235AB-DFF1-4D59-9C47-33FC9A8EAF1D@xxxxxxxxxxxxxxxx
access for the branch office side. In my main office I have group policy
assigning clients the proxy name for internet usage, they can access the
internet with no problem.

Create 2 GPOs. One for the proxy settings of each ISA.
GPO Name: Main Office Proxy
GPO Name: Branch Office Proxy
The name should make it obvious what they are for. Create the proper proxy
settings in each.

Create two Global Security Groups in AD.
Group Name: Main Office Workstations
Group Name: Branch Office Workstations
The name should make it obvious what each is for,...add the correct machines
(not users) to the correct Group.

In the permissions of each GPO add the correct Group so that only the proper
machines get the proper GPO applied to them.

Main office machines use that ISA,...Branch office machines should use their
own ISA.

I *strongly* recommend against GPO for this,...but if you are going to do
it,..that is how I would do it.

I would recommend WPAD with proxy autodetection instead,..but you don't
appear to have the correct infrastructure in place for that. In fact your
infrastructure is not really correct for optimal Active Directory usage over
slow WAN links. If it was correct for that,..then it would also be correct
for WPAD.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------


.

Relevant Pages

  • Re: Site2Site VPN - Web page requests returns FWX_E_TERMINATING
    ... have?Firewall client or Web proxy clients?If you are using FWC is normal ... to use proxy locally and create an exception for your web site. ... in them,...this causes them to be interpreted by Internet ... Understanding the ISA 2004 Access Rule Processing ...
    (microsoft.public.isa.vpn)
  • Re: Exception list problem in internet explorer in the Local Netwo
    ... But I don't want that the requests to the internal web sites in the local ... network go to the ISA proxy. ... However I never use GPO for proxy settings it is too rigid and does seem to have ... We use the ISA proxy server to go to internet in the local network. ...
    (microsoft.public.isa.clients)
  • RE: Outlook clinet config for RPC/HTTP
    ... Internet as long as my Proxy referances the DNS name. ... I have looked at the ISA logs, the RPC Proxy server logs ...
    (microsoft.public.exchange.admin)
  • RE: 504 Proxy timeout only with SSL traffic
    ... Hi I setup an access rule as you requested and tried it with web proxy off on ... the DMZ network is considered External to the ... And can access all other HTTPS sites on the internet? ... that there may be something wrong with the proxy engine on the ISA, ...
    (microsoft.public.isa)
  • Re: Site2Site VPN - Web page requests returns FWX_E_TERMINATING
    ... The browser has a proxy deny rule to point allow all mab.intra traffic to go ... bypass the proxy within the ISA server. ... them,...this causes them to be interpreted by Internet ... Troubleshooting Client Authentication on Access Rules in ISA Server 2004 ...
    (microsoft.public.isa.vpn)