VPN - Web publishing rule and RSA SecurID
- From: Kasper <Kasper@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 14 Sep 2006 04:08:01 -0700
Greetings all,
I have a little problem with my ISA 2004 server, which is used purely for VPN.
Before I describe the problem, I will just draw the setup:
Internet – PIX – ISA 2004 – Internal LAN (The PIX has four DMZs and the
ISA stands in one of them). The ISA 2004 server is a member of the domain and
the VPN clients use the internal DNS server, which all clients/servers also
use.
My problem is that some of the VPN users need access to a SharePoint portal
server which is only used on the LAN (there is no access to it from the
Internet). The security policy says that it is allowed to access the
SharePoint server over VPN if the VPN uses SecurID from RSA.
So after looking at the guide from RSA:
http://rsasecurity.agora.com/rsasecured/product.asp?id=1086
I can see there are two ways to use the SecurID.
1) I can use a web publishing rule, where the ISA server will show an RSA
login before they reach the server
2) I can make a new profile with CMAK for the users who need to use
SecurID to log in.
I would like to try out solution 1, since I can then stick to using one
installation file (from CMAK) and it seems like a neat solution. Only problem
is that I can't get it to work. I have even tried to publish just a normal http
site without SecurID (just a normal web publishing rule) but haven't got it
to work.
So if the scenario is like this:
1: The ISA server's private address is: 192.168.50.5
2: The web server's internal address is: 192.168.50.10 and it has a site that
people can access on the internal LAN by writing http://webserver1/servers
3: The VPN clients get an address of 10.0.0.X when they log on at the ISA
server and use the internal DNS server for resolution.
Is it possible to use a web publishing rule to publish the web server to the
VPN clients? And how do I do it? I did follow the guide from RSA but so far
no luck.
If I make a network monitor trace while a VPN client tries to access the site
when I use a web publishing rule, it gives me this:
DNS standard query A webserver1.domain.local
DNS standard query response 192.168.50.10
And then the VPN clients try to connect to 192.168.50.10 and after a while
the browser shows:
“Cannot find the server or DNS error”
If I make a normal access rule where I just give access to the server and
http 80, it works without a problem. But then I can’t get the user to be
validated with RSA SecurID.
I think the problem has something to do with the server not having a public
address/name.
Hope someone can guide me in the right direction.
If something is unclear don't hesitate to ask :-)
Yours Sincerely,
Kasper