Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Server publishing rule with authentication
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Server publishing rule with authentication - 19.Jul.2007 3:28:45 PM
|
|
|
moreauer
Posts: 18
Joined: 13.Jun.2007
Status: offline
|
Hi everyone,
Is it possible to publish a server with strong authentication ??? 
My network is divided in 7 area and some area can communicate with others by virtual firewall and some area cannot communicate with others. Only 1 area can communicate with all the area. I know it's complicated but it was built this way before my time...
My ISA server as a network card in area 1 and 2. Area 2 is considered my "external" network and Area 1 is considered "internal" (Area 1 can comuunicate with all the area by virtual firewall). I want to publish a terminal server in my "inside" network to my "external" network but I want to have strong authentication for those users (in "external" network) who will use the terminal server.
Server publishing rule does not have any authentication at all.
Right now, I use my virtual firewall to authenticate but I was hoping that I could do that with ISA 2006 Enterprise.
Any advice would be greatly appreciated...
Thanks in advance...
Eric
|
|
|
|
RE: Server publishing rule with authentication - 19.Jul.2007 3:59:03 PM
|
|
|
ferrix
Posts: 375
Joined: 16.Mar.2005
Status: offline
|
Well let's see.. you're not talking about application layer auth it seems, but rather at a lower level. Sounds like a site-to-site VPN situation, or use IPSec. This is a bit out of my expertise so other people please chime in!
|
|
|
|
|
RE: Server publishing rule with authentication - 19.Jul.2007 4:26:23 PM
|
|
|
moreauer
Posts: 18
Joined: 13.Jun.2007
Status: offline
|
I was more looking at RADIUS for authentication... Like in a web server publishing rule, in the "listener". I was hoping that I could do the same with a server publishing rule... The users have already connected to the domain but the security team wants the area 1 VERY secur. So that's why I have to put strong authentication for every communication to this area.
As for the VPN, I did check it out a bit but it seems too much for what I want. Some users will connect to the domain using a VPN from home to area 2 and they will have to connect to another VPN to go to area 1... Sounds weird but if that's what it takes to work, I'll look into it more...
As for IPSec, it's the same for me, it's a bit out of my expertise.
So anyone else ???
By the way, thanks again for your time ferrix
Eric
|
|
|
|
|
RE: Server publishing rule with authentication - 19.Jul.2007 4:32:17 PM
|
|
|
ferrix
Posts: 375
Joined: 16.Mar.2005
Status: offline
|
You can't compare to web publishing or proxy because in both those cases the authentication is being done at the application level (meaning in HTTP)
In order to do something similar with other application protocols, you need proxy-like intelligence comparable to what is done for http. ISA doesn't have full proxies and authenticators for other protocols, so if you want those features you have to look to third party filters (we've done some of those in the past).
But if your needs can be solved by a lower layer such as IPSec or vpn link, it will sure be faster and cheaper (and also apply to all traffic over that link, instead of one protocol or the other)
|
|
|
|
|
RE: Server publishing rule with authentication - 20.Jul.2007 8:12:40 AM
|
|
|
moreauer
Posts: 18
Joined: 13.Jun.2007
Status: offline
|
Thanks ferrix,
I'll give that to my project manager and see what he'll say.
Eric
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
