Re: ISA 2006 in basic web proxy mode query
- From: "Phillip Windell" <philwindell@xxxxxxxxxxx>
- Date: Fri, 26 Sep 2008 11:40:43 -0500
If you can, please correct your newsreader format so that it is easier to
designate the difference between quoted text and new text, so I don't have
to prefix everything with [name]. Mine normally inserts the ">" in quoted
text, but something on your end is breaking that.
"WALI" <hkhasgiwale@xxxxxxxxx> wrote in message
news:65145c36-f966-4db5-becb-fb299c0399bf@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
There is an issue here. The LAN router cannot be assigned to use ISA
as it's DG. All the traffic not destined internally, find a DG to
another Core switch across this campus lan. That's where the current
web traffic also goes. I only want to divert specific web traffic
across specific subnets (10.10.8.* and 10.10.10.* as an example) to my
ISA and out. I think my only option here is to push proxy IP
(10.10.8.166) to these machines via windows 2003 group policy. There
are security groups that map to IP subnets.
[Phil]
If you don't use SecureNAT Clients the the ISA does not need to be in the
routing path to the Internet and the LAN Router does not need to use the ISA
as the Default Gateway.
If you do need SecureNAT Clients then you have no choice,...ISA must be the
Default Gateway of the LAN Router. You will have to configure the LAN Router
with a Static Route(s) so it knows what "other" Router [they are Routers in
this context, not Switches] to send the Campus destined traffic. This can
also be done by just configuring Dynamic Routing Protocols (RIP, IGRP, OSPF,
etc) so the LAN [Campus] Routers will automatically know how to deal with
each other. Default Gateway (aka Gateways of Last Resort) are for *Unknown*
destiantions,..not *Known* destinations,...Known Destinations are supposed
to be handled by Static Routes or Dynamic Routing Protocols.
[Phil previous]
c:\route add -p 10.10.0.0 mask 255.255.0.0 10.10.8.129
[Wali]
So in my case, it might be two route commands representing 10.10.8.0
and 10.10.10.0, to start with, correct?
[Phil]
No. Look at the route I gave,...it covers everything from 10.10.0.0 through
10.10.255.255. But if there is a problem doing that, then, yes you can
break them into smaller routes.
[Phil previous]
If you give the Clients "proxy settings" in the browser then the Browser
and any other "browser-fied" Application will operate as Web Proxy
Clients.
The Web Proxy Service only handles HTTP, HTTPS, Read-only FTP, and Gopher
(if anyone cares about gopher?). All other protocols will continue to use
either the Firewall Service or the SecureNAT Service. The Firewall Client
software can also be configured to "push" the proxy settings to the
Browser.
[Wali] This is exactly what I want to do. It I use the built-in wizard of
'Edge firewall' within ISA 2006, Firewall services on ISA will be
probably enabled and started. Does it have any effect in case I do not
install the firewall client on desktops pc just yet?
[Phil]
No Firewall Client software = No Firewall Clients
It is no more complex than that. It just depends on what you need/want.
[Wali] Although, it's my understanding that SecureNAT clients of my Xp/2000
do not require any special software, but I should configure the
default gateway so that all traffic destined to the Internet is sent
by way of my ISA Server. Would my pushing of proxy server settings
within each of these Internet Explorer LAN settings accomlish this?
[Phil]
Accomplish what? Make the SecureNAT Clients work? No. The proxy settings
make the web browser work as a Web Proxy Client.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Technet Library
ISA2004
http://technet.microsoft.com/en-us/library/cc302436(TechNet.10).aspx
ISA2006
http://technet.microsoft.com/en-us/library/bb898433(TechNet.10).aspx
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx
Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
.
- References:
- ISA 2006 in basic web proxy mode query
- From: WALI
- Re: ISA 2006 in basic web proxy mode query
- From: Phillip Windell
- Re: ISA 2006 in basic web proxy mode query
- From: WALI
- ISA 2006 in basic web proxy mode query
- Prev by Date: Re: ISA 2006 in basic web proxy mode query
- Previous by thread: Re: ISA 2006 in basic web proxy mode query
- Index(es):
Relevant Pages
|
