• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

2003 Box on Server2008 Domain

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> Installation and Planning >> 2003 Box on Server2008 Domain Page: [1]
Login
Message << Older Topic   Newer Topic >>
2003 Box on Server2008 Domain - 23.Apr.2009 1:40:53 PM   
amorrison0903

 

Posts: 5
Joined: 23.Apr.2009
Status: offline
I know that ISA 2006 will not install on server2008, I currently have ISA06 SP1 installed on a server2003 which is a member server of a 2008 domain with domain functionality of 2003.

My role is edge firewall and setup is as follows... WAN - ISA - Internal Network

I have 3 rules created...

Rule 1 DENIES access to a URL set for a AD Group
Rule 2 ALLOWS access for everyone to everything
Default Rule

Here is my issue...
Whenever anyone visits a website that is on RULE 1, it is denied even if they are not on the AD Group assigned in that rule.  What am I doing wrong?

Any help or advice is greatly appreciated.

Thanks,
ASM
Post #: 1
RE: 2003 Box on Server2008 Domain - 23.Apr.2009 3:45:46 PM   
inderjeet

 

Posts: 463
Joined: 25.Nov.2008
Status: offline
How are your client machines configured? AFAIK, if the denied client machines are configured as SecureNAT clients then they will get denied with this rule based on source and destination. Make sure they are either set as webproxy or Firewall clients

Also, make sure the Internet Explorer you have the setting to automatically pass on logged on user credential in Internet security settings 



_____________________________

Inderjeet (MSFT)
My Blog: http://isingh.spaces.live.com

If you are a Microsoft Gold Partner, Contact us for Advisory/Consulting Services, Check https://partner.microsoft.com/US/supportsecurity/40012316

(in reply to amorrison0903)
Post #: 2
RE: 2003 Box on Server2008 Domain - 23.Apr.2009 4:42:30 PM   
amorrison0903

 

Posts: 5
Joined: 23.Apr.2009
Status: offline
Thanks for the quick reply.  I am redoing ISA and the server, I will post results tomorrow.

I did have them set up as web proxy clients via gpo, but I was having sysvol issues as I found out later so settings may not have applied.  I have since then fixed all domain/dns/ad issues.

Thanks again!
ASM

(in reply to inderjeet)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> Installation and Planning >> 2003 Box on Server2008 Domain Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts