• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ISA 2004 proxy configuration problem

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Cache] >> General >> ISA 2004 proxy configuration problem Page: [1]
Login
Message << Older Topic   Newer Topic >>
ISA 2004 proxy configuration problem - 23.May2005 1:53:00 AM   
phxby

 

Posts: 1
Joined: 23.May2005
Status: offline
Hi,

I got stumped in configuring Microsoft ISA 2004 in order for it to be able to completely replace our Squid server: The configurations that I need to work with ISA are as follow:

- Proxy client users need to authenticate their session with ISA before can start browsing (I got it work thru by using RADIUS, by giving the checkmark on require authentication on the ISA proxy configuration. Forcing authentication apparently requires everybody to authenticate, while not giving the checkmark makes anybody can access the Internet)

- Certain hosts/ IP from Internal network can browse the Internet without authenticating with ISA at all. (we have some servers that need to be able to go to the Internet to obtain their updates from several vendors without being asked for username or password at all. This configuration currently does not work because I have to give a checkmark on "require authentication", in order to make (1) works.)

- Certain hosts and users can browse a limited number of sites on the Internet without authenticating with ISA at all. (we have a service that is outsourced to a third party, and everybody no matter whether they have account in the AD or not, must be able to go this website, and not to any other website unless they authenticate themselves).

- Able to restrict some websites for certain users, and allow other users to be able to browse freely.

Now my question is can I accomplish the goals above with ISA 2004? It seems to me with ISA server (for authentication), it's either everybody must authenticate, or everybody does not need to authenticate at all.

Thank You
Post #: 1
RE: ISA 2004 proxy configuration problem - 24.May2005 10:32:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Irwan,

1. Autentication and access is controlled by Access Rules, not the "ask unauthed users to auth" checkbox. You should never enable that checkbox because of other problems it brings to fore

2. If the ISA firewall is in the path, and you have configured Access Rules requiring authentication, then no one will ever bypass the ISA firewall to access the Internet.

3. Access rules control what users can access what sites and at what times. You can also configure access per IP address and not require authentication, or you can allow unauthenticated connections to specific sites as well. The ISA firewall is very powerful in giving you extremely granular access control.

HTH,
Tom

(in reply to phxby)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Cache] >> General >> ISA 2004 proxy configuration problem Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts