Welcome to ISAserver.org

Web Chaining

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Firewall] >> Network Infrastructure >> Web Chaining

Page: [1]

Message

<< Older Topic Newer Topic >>

Web Chaining - 27.Jul.2004 12:21:00 PM

sioakim

Posts: 7
Joined: 1.May2004
Status: offline

Hi all,

I was wondering if anyone has used web chaining with success.
I have my ISA box that works ok and I have incoming and outgoing traffic but I wanted another feed just for incoming web browsing.

So I got a DSL line and put it on another PC and setup wingate.

I then configured on ISA to web chain to the DSL machine. Here comes now the strange part.

ISA server doesn't ALWAYS forward the url but the ip.
so for example if I request http://www.isaserver.org it will forward http://69.20.55.133

Some rare cases (which haven't figured out which) it will forward normally http://www.isaserver.org.

This is OK of course for some sites but a lot of sites that use virtual hosting it is a disaster! I keep getting the ip-based site and not the virtual one.

Any ideas on where I should start debugging this?

Post #: 1

Featured Links*

RE: Web Chaining - 27.Jul.2004 9:29:00 PM

sioakim

Posts: 7
Joined: 1.May2004
Status: offline

I also tried this with a squid proxy and still ISA forwards the resolved address.

Anyone has the same problem and has a solution?

(in reply to sioakim)

Post #: 2

RE: Web Chaining - 28.Jul.2004 12:00:00 AM

tshinder

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Spyros,

How did you configure the Web Proxy chaining setup on the ISA firewall?

Thanks!
Tom

(in reply to sioakim)

Post #: 3

RE: Web Chaining - 28.Jul.2004 9:03:00 AM

sioakim

Posts: 7
Joined: 1.May2004
Status: offline

Hi Tom,

Under Web Chaining i create a new rule.
Under Destinations I select External Network
Request Processing: Redirect requests to a specified upstream server. (I have checked also delegation of basic auth credentials but it doesn't make any difference for my problem)
Server: 192.168.2.5 (the ip of my dsl proxy)
port: 8080
ssl port: 8080
When the primary route is unavailable: Retrieve requests directly from the specified destination.

The above steps are with the wizard but I didn't see anything else interesting to change anyway.

Thanks,
Spyros

(in reply to sioakim)

Post #: 4

RE: Web Chaining - 29.Jul.2004 2:29:00 PM

tshinder

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Spyros,

Are *all* your clients configured as Web Proxy clients?

Thanks!
Tom

(in reply to sioakim)

Post #: 5

RE: Web Chaining - 5.Aug.2004 10:40:00 AM

sioakim

Posts: 7
Joined: 1.May2004
Status: offline

This is exactly what i found out.

If I don't use any settings in LAN Connections without a proxy then i get the above effect (SecureNAT).

If I configure the isaserver:8080 in the proxy settings of the client then the correct url is requested and correct page is displayed.

Is this a bug or correct behaviour?
I want to have on the clients the most straightforward solution available and not use a web proxy. Right now I used a group policy to enable it but I don't like the solution....

(in reply to sioakim)

Post #: 6

RE: Web Chaining - 5.Aug.2004 1:27:00 PM

tshinder

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Sypros,

Its correct behavior. The ISA firewall has complete knowledge of the URL when the client is configured as a Web Proxy client. Using SecureNAT (the *weakest* client type, so of like a hardware firewall's client) the ISA firewall only see the IP address. This is completely normal and expected.

HTH,
Tom

(in reply to sioakim)

Post #: 7