ISA configuration
From: Tony Su (anonymous_at_discussions.microsoft.com)
Date: 04/16/04
- Next message: Aaron Boone: "SBS 2003 fax hardware & setup"
- Previous message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: ISA How-to Question"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 15 Apr 2004 18:54:21 -0700
Whatever happened in your situation, inbound VPN
connections which are handled in RRAS is a completely
different issue than any outbound Internet access which
<is> handled by ISA. What I'm saying is this... although
you can make a few RRAS configurations through ISA, those
functions actually operate completely separately from any
native ISA functionality.
So,
If your VPN connections are working properly, leave that
alone and focus only on what is required for outbound web
proxy access.
You need:
- Each Web Application (ie. web browser) must be
configured with a Proxy configuration pointing to your
Server (be default by name) on port 8080.
- You need a Site & Content rule that permits access to
all destinations for the Backoffice Internet Users group.
- You need a Protocol rule that permits access for at
least the HTTP, HTTPS and any other permitted protocols
for the Backoffice Internet Users group.
- Your Users must be members of the Backofice Internet
Users group.
Note:
The following issue and fix has worked for me and any
others I've shared this with every time, but is an
unsupported and not widely used fix, so you can try <if
this situation applies to you>,
As always, at least 90% of the time problems can occur due
to poor DNS mistakes. MS DNS automatically creates an
entry for for the Server for every IP address configured
on the machine which means that a SBServer will have both
a WAN and LAN address.
You can do a Q & D check to see whether your client is
pointing to the primary LAN address by opening your FW
client, inspecting the name you're using to contact the
Server and pinging <that exact name>. The object isn't
whether you get a response but <what IP address> is
returned, whether it's the LAN IP or something else.
If the LAN IP address isn't returned, then I delete all A
records for the SBServer except for the LAN primary
address. From what I've seen, Microsoft DNS will recreate
the records, but this seems to solve any issues where the
machines may be pointing to the WAN or other incorrect
address.
HTH,
TonySu
>-----Original Message-----
>Hi,
>
>I have made some modifications to my SBS2000 ISA Server
to
>allow VPN connections following the Small business Server
>FAQ site article at
>http://www.smallbizserver.net/DesktopDefault.aspx?
>tabid=108 and the Microsoft Microsoft Knowledge Base
>Article - 320697 at http://support.microsoft.com/?
>id=320697.
>
>Before the changes any pc in my LAN could connect the
>Internet without any configuration. Now my ISA Server
>requires authentication and every pc must be correctly
>configured to get access.
>
>Even with the pc's correctly configured, some of them
have
>also Hotmail accounts that started to asked proxy
>authentication.
>
>How can I go back with this and grant access to any pc
>connected to my LAN?
>
>This seems to be easy but I don't understand much about
>ISA Server.
>
>Thank you.
>.
>
- Next message: Aaron Boone: "SBS 2003 fax hardware & setup"
- Previous message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: ISA How-to Question"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
