Re: Access rule/Authentication problem in ISA 2004

From: "Fredo" <a55504567@xxxxxxxxxxx>
Date: Fri, 6 Oct 2006 11:33:13 +0200

YES! Sorry for the late reaction, my xnews app was not working properly ...

I read some answers in other posts that it has to do with that the Firewall
client can not authenticate PING. I also read in the ISA Help that the
Firewall client can only authenticate winsock programs. But I want to
authenticate based on user accounts. So SecureNAT is not working for me
cause it does not authenticate based on user accounts.

I think it will be really a disappointment that in ISA 2004 you can not give
access for PING, VPN and other protocols based on user accounts. This was
possible in ISA 2000. Is it possible again in ISA 2006?

"Kevin Longley" <kwlongley@xxxxxxxxxxxxxx> wrote in message
news:%23n62doo4GHA.1196@xxxxxxxxxxxxxxxxxxxxxxx

Just to clarify - you have 2 or more allow rules?

1. A access rule that allows all outbound traffic based on user accounts
2. rules based on the computer IP address

If so how are the rules ordered?

"Fredito" <a55504567@xxxxxxxxxxx> wrote in message
news:451a9af4$0$4531$e4fe514c@xxxxxxxxxxxxxxxxx

I have access rule problem in ISA 2004; most protocols are allowed, but
some are not.

This is the situation:

3 perimeter network (all routed, not NAT)
A access rule that allows all outbound traffic based on user acounts
A Firewall client

Protocols as HTTP, ICA, RDP are allowed, but ping and VPN are not. When I
look in the log I see that traffic is not allowed based on the rule that
alows all traffic.

When I change the rules based on the computer IP address the rules works
fine, but when I want user account control it does not work.

In ISA 2000 I used the same configuration and it worked fine.

I hope somebody can help, thanks!

Follow-Ups:
- Re: Access rule/Authentication problem in ISA 2004
  - From: Kevin Longley

Prev by Date: Re: Any Way to Get Mail Alerts?
Next by Date: Re: ISA 2004 report problem; IP addresses instead of user accounts
Previous by thread: Any Way to Get Mail Alerts?
Next by thread: Re: Access rule/Authentication problem in ISA 2004
Index(es):
- Date
- Thread

Relevant Pages

Re: ISA 2004 & companyweb
... all users to authenticate" option will be un-ticked and the rule called ... access the internet unless they are members in the "Internet Users" group. ... client is sent to the ISA firewall, the ISA will use the following ... to authenticate" option and the Users element in the access rule. ...
(microsoft.public.windows.server.sbs)
Re: Does firewall client work with All Users group?
... The FWC only authenticates to ISA if ISA requires it. ... All it takes is one Access rule that requires user credentials and the FWC ... to authenticate", ...
(microsoft.public.isa.clients)
Re: ISA 2006
... An 'Allow All Users' rule does not require ISA to authenticate a connection ... ISA will terminate a connection if ...
(microsoft.public.isa)
Re: Active directory authentication
... One of your questions is for ISA to authenticate inbound ... ISA does this only when Web Publishing websites. ... don't have to support a large number of different Class B ... trusted machines and machines which require additional ...
(microsoft.public.isa)
Re: winforms authentication
... Your own backend for storing user credentials. ... Domain Windows user accounts. ... still have some local accounts, and it will authenticate against them, ...
(microsoft.public.dotnet.languages.csharp)