Hello - We recently upgraded from ISA2000 to ISA2006. One of the many problems we have encountered is restricting our internet access. We have 2 groups in Active Directory that allow internet access if you are a member. In our old configuration, this worked fine. In our 2006 environment, when we make a rule allowing access to the internet if you are a member of these 2 groups, then users get a logon window and do not get internet access even with correct credentials. Right now, we allow anyone access to get around this, but I need to lock access down to authorized users. Any ideas? Thanks!
We have 2 NICs, one internal and one external. The server that ISA 2006 is on is our firewall and it does NAT. Everything is on the same domain. Our internet access rule is written to allow all outbound traffic from local host to external to all users anytime.
There is another rule written to allow all outbound traffic from internal network to external to all users anytime.
These rules were written by the people who were paid to come in and install this.
Our internal network is 192.168.200.x/24 Our external network has the IP assigned by the ISP with 2 IP's assigned to it, one for Exchange, the other for our website.
We also use the ISA server as a web proxy, so our clients are actually all 3 types.