We are currently have the following configuration set up.
Client XP -> IWSS 2.0 -> ISA 2000 Sp2 -> Internet
The client PC uses the webproxy client and either Ie6 or Firefox, IWSS is installed on it's own Server running Windows 2003, ISA 2000 runs on a dedicated server running win2k with sp4. IWSS is configured to work in dependent mode with ISA as it's proxy.
When accessing a web page for the first time, the browser prompts for a user name and password. If a the correct credentials are used the web page will be displayed. If cancel is clicked in response to the prompt for credentials, the an 407 is displayed. If the browsers refresh button is clicked, the web page will then display without a prompt or without the need to enter a userid or password.
It is then possible to use the browser for several minutes accessing multiple pages before another prompt for a userid and password appears.
We've sniffed the traffic from the client and have observed a sequence of events like the following.
1) Get http:// url.... client -> iwss + isa 2) 407 unauthorised iwss -> client 3) Get http:// url.... client -> iwss + isa 4) 407 unauthorised iwss -> client 5) Get http:// url.... client -> iwss + isa 6) 407 Proxy authentication required. The ISA server requires authorisation to fulfill the request. Access to the web proxy service is denied. Proxy connection closed.
Incidentally, we have also tried this with ISA 2004 and get similiar results.
I have had a good look through my copy of the ISA 2000 book but still can't pin point the cause.
If anyone has had similar problems or can point me in the right direction it would be much appreciated.
ISA 2004 is to upstream all external traffic to IWSS on the same machine (web chaining rule to port 8082).
Everything works fine, except that some sites (like www.gmx.net/de) require the user to authorize.
Does anyone has a solution for this issue?
Kind regards,
Maik.
quote:Originally posted by simon b: We are currently have the following configuration set up.
Client XP -> IWSS 2.0 -> ISA 2000 Sp2 -> Internet
The client PC uses the webproxy client and either Ie6 or Firefox, IWSS is installed on it's own Server running Windows 2003, ISA 2000 runs on a dedicated server running win2k with sp4. IWSS is configured to work in dependent mode with ISA as it's proxy.
When accessing a web page for the first time, the browser prompts for a user name and password. If a the correct credentials are used the web page will be displayed. If cancel is clicked in response to the prompt for credentials, the an 407 is displayed. If the browsers refresh button is clicked, the web page will then display without a prompt or without the need to enter a userid or password.
It is then possible to use the browser for several minutes accessing multiple pages before another prompt for a userid and password appears.
We've sniffed the traffic from the client and have observed a sequence of events like the following.
1) Get http:// url.... client -> iwss + isa 2) 407 unauthorised iwss -> client 3) Get http:// url.... client -> iwss + isa 4) 407 unauthorised iwss -> client 5) Get http:// url.... client -> iwss + isa 6) 407 Proxy authentication required. The ISA server requires authorisation to fulfill the request. Access to the web proxy service is denied. Proxy connection closed.
Incidentally, we have also tried this with ISA 2004 and get similiar results.
I have had a good look through my copy of the ISA 2000 book but still can't pin point the cause.
If anyone has had similar problems or can point me in the right direction it would be much appreciated.
I had the same problem with IWSS 3.1 on one server and ISA 2006 on second server. I had access rule on ISA enabling IWSS to pass with all protocols to external with anonymous access to web while IWSS was performing user authentication on AD. He had me prompting three times username and pass for user and for page that was already allowed.
I solved this by modifying access rule for IWSS. Instead of allowing all protocols I explicitly allowed selected protocols (DNS, HTTP, HTTPS, HTTP proxy, LDAP etc whatever protocol you need). And it worked for web browsing.
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Printable Version
All Forums >> [ISA Server 2000 Cache] >> Web Proxy Client >> ISA with Trend Micro InterScan Web Security Suite IWSS 
ISA with Trend Micro InterScan Web Security Suite IWSS - 
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread