Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Using proxy interface on the opposite side
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Using proxy interface on the opposite side - 1.Jul.2008 9:30:55 AM
|
|
|
apagliara
Posts: 3
Joined: 1.Jul.2008
Status: offline
|
Hi everybody,
I have the following situation
[LAN]------[ISA-Proxy]------[PIX]-----[INTERNET]-----[Cisco VPN Users]
The goal I must obtain is making the [Cisco VPN users] connecting through the Cisco client browse the internet using the Web Proxy on the ISA Server.
At the moment when a [Cisco VPN user] tries to browse the internet using the LAN-side interface as the proxy, I can notice in the ISA monitoring that a HTTP Proxy connection is established successfully (Initiated Connection) but after a few seconds it is dropped (Closed connection); the browser shows a message telling that the page cannot be opened.
Enabling the Web Proxy on the PIX-side interface and setting the web browser of the [VPN user] to use the ip address of this interface (PIX-side) as a proxy, everything works fine.
At this point my problem is that the users' browsers are set to use the ISA host name that is resolved with the ip address of the LAN-side interface.
The problem could be solved either making the connection on the LAN-side work for [VPN users] or making the host name of the ISA-Proxy resolved with the ip address of the PIX-side interface just for [VPN Users].
Of course I cannot ask users to modify settings when they are connected to the LAN or through the VPN.
Any ideas?
Thanks in advance
|
|
|
|
|
RE: Using proxy interface on the opposite side - 1.Jul.2008 5:32:08 PM
|
|
|
paulo.oliveira
Posts: 771
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: offline
|
Hi,
is the network of your VPN clients the same as the LAN network? If not, maybe is some route problem.
Regards,
Paulo Oliveira.
|
|
|
|
|
RE: Using proxy interface on the opposite side - 1.Jul.2008 5:44:08 PM
|
|
|
apagliara
Posts: 3
Joined: 1.Jul.2008
Status: offline
|
VPN users are not in the same network of LAN users, anyway VPN users can reach ip addresses on the LAN and can even telnet port 8080 (web proxy port) of the network interface on the LAN-side.
|
|
|
|
|
RE: Using proxy interface on the opposite side - 1.Jul.2008 6:03:40 PM
|
|
|
paulo.oliveira
Posts: 771
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: offline
|
Hi,
OK, but you have a back-to-back configuration is ISA allowing communication from this VPN network to PIX firewall? Better, is ISA aware of this network as VPN network or some other Network object? Cause the way out of your network is through PIX anyway.
They will pass through both firewalls instead of just one (PIX).
Regards,
Paulo Oliveira.
|
|
|
|
|
RE: Using proxy interface on the opposite side - 2.Jul.2008 4:55:31 AM
|
|
|
apagliara
Posts: 3
Joined: 1.Jul.2008
Status: offline
|
Thanks for your answer,
quote:
ORIGINAL: paulo.oliveira
OK, but you have a back-to-back configuration is ISA allowing communication from this VPN network to PIX firewall?
Yes, it is, VPN clients can reach ip addresses on the [LAN], can telnet port 8080 of the Proxy interface on the LAN-side and I don't see anything blocked in the monitoring logs. Browsing works if I set the browser to use the Proxy service enabled on the PIX-side.
quote:
ORIGINAL: paulo.oliveira
Better, is ISA aware of this network as VPN network or some other Network object?
The VPN Users are placed in a network defined in ISA as an Enterprise Network.
Thanks
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
