I have downloaded the EVAL version of ISA Server 2006 and now want to configure with proxy with some block sites.
My machine Configuration : Windows Server 2003 R2 with 2-NIC. and My IP is 192.168.0.99, 192.168.0.98.
192.168.0.98 is connected to RV042 (192.168.0.100 with DHCP enabled) router for net. All user in our LAN are connected through 192.168.0.100.
Now I want to configure My machine as server and all others clients, Client will permitted to use selected sites only.
I have tried to install ISA 2006 with default configuration, but while accessing any web page get "Error Code: 403 Forbidden. The ISA Server denied the specified Uniform Resource Locator (URL). (12202)" error,
Have tried after stop "Microsoft Firewall" service, net working fine. So now I am not sure that, this is working fine, I think "Microsoft Firewall" service is running with ISa services.
Can any one shows me how can I configure it with my network.
Good to see you've reconfigured the NICs on different subnets.
Do you have a DNS server on the subnet that the internal NIC of the ISA Server is connected to?
If so, you need to remove the DNS servers on the external NIC, otherwise you'll have issues! You should only place DNS server addresses on the internal NIC of the ISA Server. That means, even if you didn't have an internal DNS server, you should add the external DNS server addresses to the internal NIC instead of the external NIC. Also, make sure that you disable NETBIOS, file and printer sharing and DNS registration on the external NIC.
Now have created a Access rule in firewall policy for access net on my PC as well as on client computer. have used the following steps. but while browsing I got 403 error.. "Error Code: 403 Forbidden. The ISA Server denied the specified Uniform Resource Locator (URL). (12202)" error",
Steps: In the ISA firewall console, expand the server name and then click the Firewall Policy node. Click the Tasks tab in the Task Pane and click the Create New Access Rule link. On the Welcome to the New Access Rule Wizard page, enter Web Protocols to Internet and click Next. Select the Allow option on the Rule Action page and click Next. On the Protocols page, select the Selected protocols option from the This rule applies to list and then click the Add button. In the Add Protocols dialog box, click the Web folder and then double click on the FTP, HTTP and HTTPS protocols and then click Close Click Next on the Protocols page. On the Access Rule Sources page, click the Add button. In the Add Network Entities dialog box, click the Networks folder and then double click on the Internal network. Click Close Click Next on the Access Rule Sources page. On the Access Rule Destinations page, click Add. In the Add Network Entities dialog box, click the Networks folder and then double click External. Click Close. Click Next on the Access Rule Destinations page. On the User Sets page, click the All Users entry and click Remove. We donít want to allow anonymous connections to the Internet through the ISA firewall, so we must remove the All Users entry. Click the Add button. In the Add Users dialog box, double click the All Authenticated Users entry and click Close. Click Next on the User Sets page Click Finish on the Completing the New Access Rule Wizard page
Ammend the rule by removing the Authenticated Users group and add the All Users group as you had orignially and then try again. I understand that you don't want to allow annonymous access - this is just for troubleshooting.
Ok, here's the steps that you should carry out to get outbound access. For now we won't configure authentication and we won't specify certain protocols.
Configure Networks - Add the internal address ranges to the Internal ISA Network named 'Internal'.
Configure the Internal Network properties. Ensure that Web Proxy clients and Firewall clients are enabled, and configure the authentication settings correctly. NOTE: Don't select the option to require all users to authenticate within the Authentication settings found in the Web Proxy tab. Just tick Integrated and Basic.
Configure Network Rules - By default, a rule exists called 'Internet Access'. This rule should list the Internal Network as one of the source networks and the external network as the destination. Depending on the network template you're using, the relationship can be either NAT or Route. Ensure that the correct relationship is set up depending on your configuration.
Configure an access rule, that allows all Outbound Traffic, from the Internal Network to the External Network and for All Users.
See how you get on and if we have any joy, we can start tightening things up.
Oh, one more question.....where is your internal DNS server located? Is it on the external network or the internal network?