Re: Accessing External OWA from behind ISA

From: Steve (slevine_at_rchn.org)
Date: 05/17/04 

Date: 17 May 2004 11:50:23 -0700

I have tried this: they were using my PCs authenticating to my
network. I have since removed the FW client and get the same problem:
 won't authenticate. I'm continuing to have problems with other
simple operations (with or without client installed): Example-
installing Shockwave plugin freezes and doesn't complete.

"Tony Su" <anonymous@discussions.microsoft.com> wrote in message news:<c24601c4384a$f41f16b0$a101280a@phx.gbl>...
> When ISA is in cache-only mode, it functions as it is
> described... mainly to cache with little to no
> restrictions on granting access, only as you describe by
> enforcing authentication to AD.
>
> For this to work, you only need to configure your Web
> Browser to point to ISA on port 8080, you do not need any
> other software.
>
> I have found though that if OWA itself is deployed on ISA,
> it should require <only> Basic authentication for a remote
> client behind another ISA to work. Enabling Integrated and
> Digest is supposed to work but in my experience cause
> problems like what you describe.
>
> The other thing to note is that your original post
> described these Users as "Visitors." Obviously, if you
> will be requiring AD authentication you will need to
> provide your visitors with valid credentials.
>
> Tony Su
>
>
>
> >-----Original Message-----
> >Cache mode.
> >
> >I really only need a proxy server that authenticates AD
> for access,
> >like MS Proxy was. Is this even the right product for
> me? It seems
> >to be lacking in a lot of support for things that used to
> just work...
> >
> >I appreciate your help, Tony.
> >
> >"Tony Su" <anonymous@discussions.microsoft.com> wrote in
> message news:<b6ef01c43778$920c0140$a101280a@phx.gbl>...
> >> Let's go back to the beginning...
> >>
> >> Do you have ISA installed in Caching only mode (one
> NIC),
> >> Firewall Mode or Integrated Mode (both two NICs)?
> >>
> >> Tony Su
> >>
> >>
> >>
> >> >-----Original Message-----
> >> >No one is allowed directly out of the gateway- that's
> what ISA is for,
> >> >to act as a proxy. It is my understanding that I need
> the firewall
> >> >client installed on workstations to use the proxy to
> surf.
> >> >
> >> >(Clients with own translations referenced below are
> servers that need
> >> >them to do mail, DNS, that sort of thing- not desktop
> clients. Just
> >> >did to make sure outside server was working.)
> >> >
> >> >Back to the original question: Why can't a client
> using
> ISA as a
> >> >proxy connect to external OWA?
> >> >
> >> >"Tony Su" <anonymous@discussions.microsoft.com> wrote
> in
> >> message news:<b06101c436d1$7a16dd00
> $a501280a@phx.gbl>...
> >> >> First, a FW client shouldn't have anything to do
> with
> OWA
> >> >> in cache mode (normally).
> >> >>
> >> >> The real question is whether your visitors are
> configured
> >> >> with the proper Web Proxy browser settings if they
> are
> >> >> going to use your ISA.
> >> >>
> >> >> But, since these are visitors, I'd just point them
> >> >> directly to your Gateway instead of going through
> ISA.
> >> >>
> >> >> Tony Su
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> >-----Original Message-----
> >> >> >I have some visitors in who need to access their
> own
> >> OWA
> >> (Exchange
> >> >> >2000, no SSL) from PCs on my network. Am running
> >> ISA2000
> >> in cache
> >> >> >mode, with clients running FW client on Win2K Pro,
> IE
> >> 6.
> >> When the
> >> >> >people enter their username, password, and domain
> it
> doesn't take, and
> >> >> >re-prompts for credential.
> >> >> >
> >> >> >Of course is I go to a client with its own FW
> >> translation
> >> it works
> >> >> >just fine... must be ISA.
> >> >> >
> >> >> >Weblog shows TCP Get requests going out, and that's
> >> it.
> >> What's up
> >> >> >here?
> >> >> >
> >> >> >Thanks in advance.
> >> >> >Steve
> >> >> >.
> >> >> >
> >> >.
> >> >
> >.
> >

Relevant Pages

  • Re: Authentication Rule Blocks Telnet
    ... Check your FWC application settings at the ISA; ... Original Client IP Client Agent Authenticated Client Service Server Name ... Type Log Time Destination IP Destination Port Protocol Action Rule Client IP ... >>> or firewall logs that can show the source of the authentication problem? ...
    (microsoft.public.isa)
  • Re: IE Authentication dialog showed in ISA2000 but will not in ISA2004
    ... > We are upgrading from ISA 2000 to ISA 2004. ... The web proxy ISA client is used. ... We are still using the web proxy ISA ... > authentication dialog if we login using the generic unapproved account. ...
    (microsoft.public.isa.clients)
  • Re: Secure Nat clients authentication
    ... If FTP requires uploads, and authentication is required,...then the firewall ... Wanting the funtionality without the firewall client really is not ... to do exactly what it does,...and ISA is not one of those. ... As you have mentioned the ISA server with be a member server ...
    (microsoft.public.isa.configuration)
  • RE: ISA 2004 - Anonymous Connection
    ... the clients have to provide authentication to ISA ... The IE will provide the current logon user credential to ISA ... So if the client logon SBS domain, ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: Suse Linux Updates - ISA2004
    ... Performance am ISA selbst ist hervorragend. ... Proxy-Clients mit wie ohne Authentication sind gleich schnell bzw. langsam. ... beim Client eintragen ... ... ohne Anmeldung oder noch besser Proxy Client ohne Anmeldung mal versuchen, ...
    (microsoft.public.de.german.isaserver)