Re: ISA, Internet Access and Branch Office VPN

Thanks for the response. Will a dns server and an domain controller at the
branch office solve my problem?

Thanks,

"Phillip Windell" wrote:

"Jeff" <Jeff@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:940235AB-DFF1-4D59-9C47-33FC9A8EAF1D@xxxxxxxxxxxxxxxx
access for the branch office side. In my main office I have group policy
assigning clients the proxy name for internet usage, they can access the
internet with no problem.

Create 2 GPOs. One for the proxy settings of each ISA.
GPO Name: Main Office Proxy
GPO Name: Branch Office Proxy
The name should make it obvious what they are for. Create the proper proxy
settings in each.

Create two Global Security Groups in AD.
Group Name: Main Office Workstations
Group Name: Branch Office Workstations
The name should make it obvious what each is for,...add the correct machines
(not users) to the correct Group.

In the permissions of each GPO add the correct Group so that only the proper
machines get the proper GPO applied to them.

Main office machines use that ISA,...Branch office machines should use their
own ISA.

I *strongly* recommend against GPO for this,...but if you are going to do
it,..that is how I would do it.

I would recommend WPAD with proxy autodetection instead,..but you don't
appear to have the correct infrastructure in place for that. In fact your
infrastructure is not really correct for optimal Active Directory usage over
slow WAN links. If it was correct for that,..then it would also be correct
for WPAD.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------



.

Relevant Pages

  • RE: Proxy settings on GPO server
    ... I understand that you want your SBS server ... does not perform the IE proxy GPO created by yourself. ...
    (microsoft.public.windows.server.sbs)
  • Re: Overwritten ADM files - recovery?
    ... I've not touched the Desktops GPO! ... now that's a problem...how else do I apply proxy? ... As I said before Mark, I MUST restore what did work before whatever ... so can't try this yet...I did move RDP server from its own OU to ...
    (microsoft.public.windows.group_policy)
  • Re: ISA server 2004 and Bluecoat proxy
    ... i want to mention that we have configured a backup rout (backup bluecoat ... i want to ask about event 14130 that related to web proxy chain fauilire. ... If you were able to work around the upstream proxy server, ... upstream ISA Server, you might want to change it back. ...
    (microsoft.public.isa.configuration)
  • RE: Proxy Server in SBS 2000
    ... sites through port 443. ... If you install ISA 2000 on the SBS 2000 server, ... Connections->LAN Settings, tick the Use proxy server for your LAN, and then ... Is ISA 2000 installed on the SBS Server? ...
    (microsoft.public.windows.server.sbs)
  • Poor client web browsing performance
    ... I've switched all our users from an old proxy 2.0 server to ISA 2004, ... That DNS server is configured with the ISA server's internal NIC ... The first firewall policy rule is called "unrestricted internet ...
    (microsoft.public.isa.configuration)