Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Web Proxy with Single NIC
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Web Proxy with Single NIC - 13.Sep.2005 10:58:00 AM
|
|
|
tanders
Posts: 2
Joined: 13.Sep.2005
From: NY
Status: offline
|
I have just installed ISA 2004 on a Windows 2003 server with just one NIC. We are trying to do some very basic testing and do not need to use any Firewall functionality. All the users care about is having the proxy service available to get to some of their web servers. I enabled the proxy service but when I go to another client, enter the proxy info in and go to the web page, I get the following message: Error code 502, ISA server denied specified URL (12202). I think it has something to do with the underlying firewall software which I don't want to use. Any thoughts or help? I was hoping this would be a real easy setup. Thanks!
|
|
|
|
|
RE: Web Proxy with Single NIC - 13.Sep.2005 11:26:00 AM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
Easy? PFFT!
If it was easy everyone would be doing it and we would not be getting paid the big bucks!
Stop fighting the firewall. It is inevitable. A single NIC "proxy" on ISA is a big dissapointment. The sooner you realize it and put in a second NIC, the happier you and your clients will be.
|
|
|
|
|
RE: Web Proxy with Single NIC - 14.Sep.2005 8:44:00 AM
|
|
|
davidtheilman
Posts: 20
Joined: 2.Apr.2004
From: Maryland
Status: offline
|
Don't you just love when you ask for help and ego's get in the way with replies LLigetfa gave?
Isn't it just nice to hear that he is using ISA and trying it?
"Stop fighting the firewall" did you maybe think he has one already in place
So to help:
Are you running the ISA proxy client on al of these clients? Do you have outbound access setup with an AD group or All Users?
Take Care
|
|
|
|
|
RE: Web Proxy with Single NIC - 14.Sep.2005 9:19:00 AM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
It is not ego. It is more the fervor of a born again Christian. I fought the notion of a two NIC ISA firewall for three years and finally came to the realization on the road to Damascus.
Resistance is futile.
|
|
|
|
|
RE: Web Proxy with Single NIC - 14.Sep.2005 12:31:00 PM
|
|
|
ClintD
Posts: 1833
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
|
Wow...just wow (not you tanders).
Anyways, the Firewall piece is not in the way as you are receiving a Deny Message from the Web proxy component - if the Firewall was preventing the connection, you would have received a Time Out.
What rule do you have setup for these clients? Alllow HTTP from Internal to Internal? Since this is a Single NIC ISA, the Source and Destination are always going to be Internal - it throws a lot of people, including me when I first set it up.
[ September 14, 2005, 12:31 PM: Message edited by: ClintD ]
|
|
|
|
|
RE: Web Proxy with Single NIC - 14.Sep.2005 3:49:00 PM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
BTW David, what is the "ISA proxy client"? I know of three client types on ISA:
Secure NAT (S-NAT)
Web Proxy (WP)
FireWall Client (FWC)
While I was banging my head against the wall trying to get functionality out of a single-NIC ISA, I was told by MS that FWC only works with two NICs.
|
|
|
|
|
RE: Web Proxy with Single NIC - 16.Sep.2005 10:20:00 AM
|
|
|
davidtheilman
Posts: 20
Joined: 2.Apr.2004
From: Maryland
Status: offline
|
of course you need two NIC's, that was not my point. My point was that your ego got in the way of helping
|
|
|
|
|
RE: Web Proxy with Single NIC - 16.Sep.2005 10:33:00 AM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
Well... before estimating the size of my ego and passing judgement on the quality of my help, note that tanders asked for "Any thoughts or help", not Any thoughts AND help.
I only wish that someone would have spoken up and saved me the aggravation and disappoinment of trying to get functionality from a single NIC deployment.
|
|
|
|
RE: Web Proxy with Single NIC - 19.Sep.2005 3:45:00 AM
|
|
|
RuiFiske
Posts: 92
Joined: 8.Dec.2004
From: London
Status: offline
|
I love these kind of rants ![[Wink]](/image/smiles/wink.gif)
Anyway, to the problem:
Yes, it is an easy set up, or should be. As Clint says, your basic rule should be Anywhere to Anywhere (or Internal to Internal), allow HTTP, HTTP Proxy (usually port 8080), and (if required) HTTPS and HTTPS Proxy.
In a test environment, the best thing to do is to start with a loose policy, and gradually tighten it. So, initially, I would allow anywhere to anywhere, any protocols, and make sure that everything else works. If you're not looking for Firewall functionality, then this policy is fine, especially with 1 NIC!
The reason that you get this message is usually for one of two reasons:
1. The policy does not allow connections to the URL (solved by suggestion above).
2. The proxy cannot resolve the address or locate the URL target. This is likely to be caused by:
a. The resource does not exist (incorrect URL)!
b. Your DNS is incorrectly set up, and the proxy cannot resolve the address.
I recommend that you set up the Proxy clients, which means configuring the Proxy settings in the Browsers, which can be done through Group Policy in roll out.
Good luck, and let us know how you get on!
|
|
|
|
|
RE: Web Proxy with Single NIC - 21.Sep.2005 7:38:00 AM
|
|
|
tanders
Posts: 2
Joined: 13.Sep.2005
From: NY
Status: offline
|
Thanks for all the help and advice. Turns out that I had completely disabled the Firewall service as opposed to just getting my needed firewall services opened up via rules. Things are working great now!
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
