Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Allow internet access to users in DMZ
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Allow internet access to users in DMZ - 14.Jun.2004 10:18:00 PM
|
|
|
Cern
Posts: 10
Joined: 14.Jun.2004
Status: offline
|
Hi,
Currently, I have a 3 leg perimeter network. The address range of the internal network is 10.0.0.1 - 10.0.0.2 and the address range of the DMZ perimeter network is 192.168.1.1 - 192.168.1.100. The external network is connected directly to the internet by a cable modem. Users in the internal network can access the internet and they are authenticated by the ISA through an active directory controller. I would also like users in the DMZ to have access to the internet, but I want those users to be authenticated by the active directory in the internal network. Is this possible? If so, how would I go about implementing this?
Thanks in advance
|
|
|
|
|
RE: Allow internet access to users in DMZ - 15.Jun.2004 2:49:00 AM
|
|
|
Magus
Posts: 26
Joined: 26.Mar.2004
Status: offline
|
You want your DMZ to authenticate against the AD? I'm taking it that your DC is in the internal network, so as far as I know then, you'd need to allow LDAP traffic between the DMZ and Internal.
|
|
|
|
|
RE: Allow internet access to users in DMZ - 15.Jun.2004 4:01:00 AM
|
|
|
Cern
Posts: 10
Joined: 14.Jun.2004
Status: offline
|
What I would like is for a client on the DMZ to use the ISA server as a proxy server. The internal address of the ISA server is 10.0.0.6 and the DMZ address is 192.168.1.1. Currently a client on the internal network can use the internal address of the ISA server to access the internet. Similarily, I want a client on the DMZ to use the external address of the ISA server to access the internet.
As far as authentication is concerned, if a DMZ client can use the ISA server as a proxy, would it be necessary to allow LDAP traffic to the AD on the internal network? Wouldn't the ISA server prompt a username/password dialog?
My initial thought was to use the server publishing wizard to publish the proxy aspect of ISA. But I am not sure if this is possible, if it this, then I may have not configured it correctly.
I don't want to allow anonymous internet access to users on the DMZ, I just want them to enter their username and password so I have a log of who goes where.
Sorry if I didn't provide enough information on the setup.
Thanks again
[ June 15, 2004, 04:06 AM: Message edited by: Cern ]
|
|
|
|
|
RE: Allow internet access to users in DMZ - 15.Jun.2004 5:13:00 PM
|
|
|
Cern
Posts: 10
Joined: 14.Jun.2004
Status: offline
|
I did a little searching in the ISA MMC and found that I can enable web proxy clients on particular network interfaces resolving the problem.
|
|
|
|
|
RE: Allow internet access to users in DMZ - 15.Jun.2004 5:57:00 PM
|
|
|
tshinder
Posts: 49328
Joined: 10.Jan.2001
From: Texas
Status: online
|
Hi Cern,
You got it! And if you install the Firewall client on the DMZ hosts, the Firewall client credentials will be passed to the Web Proxy filter so that you don't have to worry about Web proxy client config.
HTH,
Tom
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
