Re: Firewall client, sockets and SecureNAT

---

• From: "Simon" <simon_le_emailGroup@xxxxxxxxx>
• Date: Thu, 6 Oct 2005 00:54:41 +0700

---

Thanks Virgil,
Yes, indeed from the labs and reading we find that RADIUS is 'supported' for
authenticating outbound Internet access from internal users using web proxy,
not too sure for the firewall client, somehow didn't work for the latter.

Well, I guess the other options we could use then is setup an internal ISA
which is part of the internal domain so we could setup access rights based
on domain accounts and then "chain" it up to the standalone ISA in the DMZ.
We're tinkering about that in the labs now...

Cheers.

-----------------
"ZVR" <nospamever@xxxxxx> wrote in message
news:5-GdnfhgTMLeS97eRVn-rw@xxxxxxxxxxxxx
To my knowledge the firewall client will only pass Windows authentication
credentials to ISA, it is not "RADIUS-aware" in that respect. RADIUS is
supposed to be used with VPN access and in reverse-proxy configurations, not
for "internal client" access. The only exception to this rule is the web
proxy service which *can* be configured for RADIUS authentication (but your
post seems to indicate you are already aware of that).

Virgil



"Simon" <simon_le_emailGroup@xxxxxxxxx> wrote in message
news:%23sdnPqUyFHA.464@xxxxxxxxxxxxxxxxxxxxxxx
> Hi all,
> We're just tinkering around in the lab evaluating ISA 2004 and various
> setup, and this question arose...
>
> We want to keep ISA in the DMZ as standalone and use RADIUS server for any
> access authentication against internal AD.
>
> For Internet access from internal LAN where the client is using ISA
> firewall
> client, can RADIUS approach be used to authenticated such access? (That
> is,
> not web proxy, but sockets access via the firewall client)
>
> Many thanks.
>
>



.

---

• Follow-Ups:
  • Re: Firewall client, sockets and SecureNAT
    • From: ZVR

• References:
  • Firewall client, sockets and SecureNAT
    • From: Simon
  • Re: Firewall client, sockets and SecureNAT
    • From: ZVR

• Prev by Date: Re: Cannot access Intranet Page
• Next by Date: Re: Firewall client, sockets and SecureNAT
• Previous by thread: Re: Firewall client, sockets and SecureNAT
• Next by thread: Re: Firewall client, sockets and SecureNAT
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Proxy Authentication ... still learning ISA and how to fully leverage it...the setting that you ... I do have a rule for internet access, where by certain groups and users are ... where I was mentioning the "admin" thing. ... > confusing the "per proxy listener" authentication (the option I am talking ... (microsoft.public.isa) RE: anonymous access rule and authetication rule ... the group access since it would evalute the "all users" rule first? ... Sorry, I love the ISA server, but still failry new with it. ... require authentication to fullfill your needs. ... I am trying to setup rules that will allow all users access to the internet ... (microsoft.public.isaserver) RE: anonymous access rule and authetication rule ... Sorry, I love the ISA server, but still failry new with it. ... require authentication to fullfill your needs. ... I am trying to setup rules that will allow all users access to the internet ... (microsoft.public.isaserver) RE: anonymous access rule and authetication rule ... Sorry, I love the ISA server, but still failry new with it. ... require authentication to fullfill your needs. ... I am trying to setup rules that will allow all users access to the internet ... (microsoft.public.isaserver) Re: ISA 2004 & IE Authentication ... Your ISA has some rules filtering by content-type? ... disabling it for a while.. ... > is asking for authentication every time they open the IE. Advice please ... Internet users are members in AD group. ... (microsoft.public.isa.clients)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)