RE: Problem with Direct Access in ISA Server 2004

Hi,

Thank you for posting in SBS newsgroup.

From the description, I understand that you want to configure Direct Access
for a specific web site. If I have misunderstood your concerns, please do
not hesitate to let me know.

Here, I would like to provide you the following suggestions:

1. Open ISA management console, expand the server name. Expand the
Configuration node and click the Networks node.
2. In the details pane, click the Networks tab and then double click the
Internal Network.
3. In the Internal Properties dialog box, click the Web Browser tab. On the
Web Browser tab, click the Add button.
4. In the Add Server dialog box, select the Domain or computer option and
enter the name of the site that you want Direct Access to be used. Enter
*.domain.com in the text box, click OK. (I assume the domain name of the
website is *.domain.com)
5. Then go to the Domains tab, add *.domain.com into the Domains Names
list. Click Apply to save the changes and then update the firewall policy.
6. Double click on the Firewall client icon in the system tray Click the
Test Server button. This forces the Firewall client to pull the new
configuration information from the ISA firewall. Click Close in the Testing
ISA Server dialog box when the test completes, then click the Apply button
in the Microsoft Firewall Client for ISA Server 2004 dialog box.

More information:

Configuring Sites for Direct Access
http://www.isaserver.org/articles/2004directaccessp2.html

After that, internal clients which are configured as Firewall Client and
Web Proxy Client will bypass the Web Proxy and Firewall Client and only
leverage the SecureNAT client to access this internal website. (For other
resources, it will still use either the Firewall Client or the Web Proxy
Client.)

If the problem still persists, would you please help me gather the
following info?

1. Where is the "domain.com" domain? Is it inside the SBS LAN?
2. What is the name of the SBS domain? Do you have multiple internal
domains?
3. Please describe the detailed network topology with IP schema enclosed.
4. Capture a screenshot on the Web Browser tab.
5. Please tell me the exact purpose of configuring Direct Access.

The Direct Access list is used when you want to bypass Web Proxy client to
access the resources (such as web website). Instead, the client will
leverage either SecureNAT client or Firewall client (if installed) to
handle the traffic. There are two scenarios we need to configure the Direct
Access:

1) The external website is not compatible with the ISA's web proxy engine.
(For example, use OE to access the hotmail.)
2) There is a website located inside the ISA network which is in the same
subnet of the client computer. We need to configure Direct Access so that
the client will send the request directly to the website other than loop
the traffic thru the ISA.

6. Please help to gather the ISA Info:

1) Download the file from the following URL:

http://www.isatools.org/isainfo/ISAInfo.zip

2) Extract all files to a folder on ISA server.
3) Double click Isainfo.js. This will generate 2 files
ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in the
current folder.
4) Please send these files to me at v-crinal@xxxxxxxxxxxxx

I appreciate your time and look forward to hearing from you.

Best regards,

Crina Li (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Francisco Javier Escoppinichi" <fdrgnmx@xxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| Subject: Problem with Direct Access in ISA Server 2004
| Followup-To: microsoft.public.windows.server.sbs
| Date: 2 Aug 2006 18:26:55 -0700
| Organization: http://groups.google.com
| Lines: 20
| Message-ID: <1154568415.739976.93570@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
| NNTP-Posting-Host: 201.120.8.244
| Mime-Version: 1.0
| Content-Type: text/plain; charset="iso-8859-1"
| X-Trace: posting.google.com 1154568420 20136 127.0.0.1 (3 Aug 2006
01:27:00 GMT)
| X-Complaints-To: groups-abuse@xxxxxxxxxx
| NNTP-Posting-Date: Thu, 3 Aug 2006 01:27:00 +0000 (UTC)
| User-Agent: G2/0.2
| X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
..NET CLR 1.1.4322; .NET CLR 2.0.50727),gzip(gfe),gzip(gfe)
| X-HTTP-Via: 1.0 SERVIDOR
| Complaints-To: groups-abuse@xxxxxxxxxx
| Injection-Info: i3g2000cwc.googlegroups.com; posting-host=201.120.8.244;
| posting-account=JFgczg0AAADsiU6puGdL4SD8B8XqkMWh
| Path:
TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS01.phx.gbl!newsfeed00
..sul.t-online.de!t-online.de!border2.nntp.dca.giganews.com!border1.nntp.dca.
giganews.com!nntp.giganews.com!postnews.google.com!i3g2000cwc.googlegroups.c
om!not-for-mail
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:286507
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hello people,
|
| I recently instaled a server with Windows Small Business Server 2003
| SP1, and ISA 2004 Standard Edition SP2.
|
| I did not modified the default ISA configuration, except for the
| following:
|
| Under Networks, on Web Browser tab, I added a domain in order to have
| Direct Access to it.
|
| *.domain.com
|
| But, on the client computer, with Firewall Client installed, when I try
| to access that domain, I got a 403 Forbidden error.
|
| What did I do wrong? Can anyone help me on setting Direct Access for a
| specific website?
| Thanks.
|
|

.

Quantcast