Re: Access rule/Authentication problem in ISA 2004



When you say VPN, do you mean from external to internal, or are you making VPN
connections from behind the firewall to an external VPN server?

SecureNAT clients cannot authenticate; the only control is by IP address.

"Fredo" <a55504567@xxxxxxxxxxx> wrote in message
news:452622d9$0$4518$e4fe514c@xxxxxxxxxxxxxxxxx
YES! Sorry for the late reaction, my xnews app was not working properly
...

I read some answers in other posts that it has to do with the fact that the
Firewall client cannot authenticate PING. I also read in the ISA Help
that the Firewall client can only authenticate Winsock programs. But I
want to authenticate based on user accounts. So SecureNAT is not working
for me because it does not authenticate based on user accounts.

I think it will really be a disappointment that in ISA 2004 you cannot
give access for PING, VPN and other protocols based on user accounts. This
was possible in ISA 2000. Is it possible again in ISA 2006?

"Kevin Longley" <kwlongley@xxxxxxxxxxxxxx> wrote in message
news:%23n62doo4GHA.1196@xxxxxxxxxxxxxxxxxxxxxxx
Just to clarify - you have 2 or more allow rules?

1. An access rule that allows all outbound traffic based on user accounts
2. Rules based on the computer IP address

If so, how are the rules ordered?

"Fredito" <a55504567@xxxxxxxxxxx> wrote in message
news:451a9af4$0$4531$e4fe514c@xxxxxxxxxxxxxxxxx
I have an access rule problem in ISA 2004; most protocols are allowed, but
some are not.

This is the situation:

3 perimeter networks (all routed, not NAT)
An access rule that allows all outbound traffic based on user accounts
A Firewall client

Protocols such as HTTP, ICA, RDP are allowed, but ping and VPN are not. When
I look in the log I see that traffic is not allowed based on the rule that
allows all traffic.

When I change the rules based on the computer IP address the rules work
fine, but when I want user account control it does not work.

In ISA 2000 I used the same configuration and it worked fine.

I hope somebody can help, thanks!