RE: Unable to allow Internet Access from ISA Server Machine
- From: Ash <Ash@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 30 May 2007 12:35:00 -0700
With a unihomed scenario, you cannot set different auth methods per network
(which usually works) since there is pretty much only one proxy listener for
all the outgoing traffic through the ISA.
thats where the source and destination always appear to be the internal
network
"Sandy Wood" wrote:
Thanks for the info. I've got my ISA Server setup exactly this way. I would.
love to be able to allow Basic Auth only on the Local Host and get it to work
for traffice from the ISA Server itself. It doesn't seem to be able to.
--
Sandy Wood
Orange County District Attorney
"Ash" wrote:
Maybe this can explain this.
http://www.microsoft.com/technet/isa/2004/plan/single_adapter.mspx#EGC
Configuring ISA Server with a Single Network Adapter
When you install ISA Server on a computer with a single network adapter, ISA
Server is only aware of two networks: the Local Host network that represents
the ISA Server computer itself, and the Internal network, which includes all
unicast Internet Protocol (IP) addresses that are not part of the Local Host
network. In this configuration, when an internal client browses the Internet,
ISA Server sees the source and destination addresses of the Web request as
belonging to the Internal network.
HTH
"Sandy Wood" wrote:
I've got an app on my ISA server (unihomed) that needs to access the web to
download database updates nightly. It requires Basic Authentication.
On our ISA 2004 SP3, we've got the Internal network configured with NT
Authentication only. The app we're using needs Basic but we don't want Basic
turned on for our Internal network.
I configured the Local Host network to enable Web Proxy client connections
to allow the ISA Server web access. I've configured authentication with Basic
only, Basic and NT and I cannot get out. The logs show two entries:
Denied Connection ISASERVER 5/25/2007 2:58:32 PM
Log type: Web Proxy (Forward)
Status: 12209 The ISA Server requires authorization to fulfill the request.
Access to the Web Proxy service is denied.
Rule:
Source: ( 172.23.4.34:0)
Destination: ( 172.23.4.34:80)
Request: POST http://ddsdom.websense.com/cgi-bin/nph-wsget20.exe
Filter information: Req ID: 123641ee
Protocol: http
User: anonymous
If I turn on Basic Authentication on the Internal Network, I get in, the
logs show:
Denied Connection ISASERVER 5/25/2007 2:58:32 PM
Log type: Web Proxy (Forward)
Status: 12209 The ISA Server requires authorization to fulfill the request.
Access to the Web Proxy service is denied.
Rule:
Source: ( 172.23.4.34:0)
Destination: ( 172.23.4.34:80)
Request: POST http://ddsdom.websense.com/cgi-bin/nph-wsget20.exe
Filter information: Req ID: 123641ee
Protocol: http
User: anonymous
Allowed Connection ISASERVER 5/25/2007 3:00:12 PM
Log type: Web Proxy (Forward)
Status: 200 OK
Rule: Default DA Access
Source: Local Host ( 172.23.4.34:0)
Destination: External ( 204.15.67.80:80)
Request: POST http://ddsdom.websense.com/cgi-bin/nph-wsget20.exe
Filter information: Req ID: 12364d25
Protocol: http
User: my.domain.com\my.loginname@xxxxxxxxxxxxxxxxx
Do I need to take the ISA Server out of the Internal network to make this
work? It seems like traffic from the ISA Server is always getting routed to
the Internal Network despite what I configure in the Local Host network.
--
Sandy Wood
Orange County District Attorney
- Follow-Ups:
- RE: Unable to allow Internet Access from ISA Server Machine
- From: Sandy Wood
- RE: Unable to allow Internet Access from ISA Server Machine
- References:
- Prev by Date: Exchange and isa
- Next by Date: RE: Unable to allow Internet Access from ISA Server Machine
- Previous by thread: RE: Unable to allow Internet Access from ISA Server Machine
- Next by thread: RE: Unable to allow Internet Access from ISA Server Machine
- Index(es):
Relevant Pages
|
