Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

client authentication

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Network Infrastructure >> client authentication Page: [1]
Login
Message << Older Topic   Newer Topic >>
client authentication - 27.Feb.2008 1:42:00 PM   
Bmoyer

 

Posts: 9
Joined: 16.Jan.2008
Status: offline 		Can anyone tell me where authentication would take place if a I'm logging on to a network through Isa on a remote site to site vpn and trying to get on the internet through another isa box with surfcontrol. If the web proxy is configured to authenticate all users will it authenticate at  the remote site or the end of the tunnel to get out on the internet? My clients only show up as anonymous and wont authenticate  
Post #: 1
RE: client authentication - 12.Mar.2008 11:20:41 AM   
pwindell

 

Posts: 782
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline 		Whether or not authentication is required depends on the Config of the Access Rules involved.

Whether the Client is capable of authenticating is based on what "type" the Client is (Web Proxy Client, SecureNAT Client, Firewall [winsock] Client).

Where the Client authenticates depends on the over-all structure of the whole setup.  It could be that they have to authenticate to both ISA Servers along the way, or it could be only one ISA, or it could be neither one and there isn't any authentication.

The first ISA you are dealing with is just for the VPN.  The VPN is subject to Access Rules. If the Access Rules require authentication, then the user has to authenticate with that particular ISA to be able to use the VPN.

Then next ISA at the Internet "edge" will also have Access Rules.  The same principles apply,...if the Rules require authentication, then the user will have to authenticate there as well,...so they are authenticating twice.

Rules that use "All Users" are anonymous,...no authentication is used

Rules that use specific Users/Groups in a User Set require authentication.

Web Proxy and Firewall [winsock] Clients are capable of authenticating and are usually expected to authenticate.

SecureNAT Clients can never authenticate,...they are not capable.  Therefore they can only make use of Access Rules that are set for "All Users".


_____________________________

Phillip Windell
www.wandtv.com

(in reply to Bmoyer)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Network Infrastructure >> client authentication Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts