IWSS 2.5 + ISA 2004 + Web Proxy Client Authentication (Full Version)

All Forums >> [ISA Server 2004 Misc.] >> 3rd Party Add-ons



Message


jnichol -> IWSS 2.5 + ISA 2004 + Web Proxy Client Authentication (9.Dec.2005 8:00:34 PM)

Hi Folks,

I have read the posts discussing IWSS and ISA 2004 but haven't found a solution to my problem. I'm hoping that I'm just missing something obvious and someone here can point out what it is.

Software Details:

O/S: Windows 2003 with SP1 (Member Server)

ISA: ISA 2004 (build 4.0.2163.263) - ISA 2004 SP1 with Post SP1 Hotfix KB897716

IWSS: Trendmicro IWSS v2.5

Windows 2000 Active Directory Domain

Setup:

We are setup as described in Trendmicro Solution 26115

IWSS and ISA 2004 are set up and running on the same server.

Traffic Flow: Client --> IWSS (using port 8081) --> ISA 2004 (using port 8080) --> Internet

All of our clients are running Windows XP SP2 with IE6.

We have an access rule defined in ISA for secure NAT and Firewall clients that allows all protocols from the Internal network to the External network from a selected group of computers. I will call these cleints 'Gateway Clients'

The majority of our clients are Web Proxy clients that are required to authenticate to ISA.  An access rule exists that will allow access to the External network if you are a member of a particular Windows Security Group. I will call these clients 'Web Proxy Clients'

Problem:

When I attempt to connect through ISA (port 8080) from a 'Gateway Client', I am successful.
When I attempt to connect through ISA (port 8080) from a 'Web Proxy Client', I am successful and the user is authenticated by ISA.
When I attempt to connect through IWSS (port 8081) from a 'Gateway Client', I am successful.

When I attempt to connect through IWSS (port 8081) from a 'Web Proxy Client', it fails.

I suspect that IWSS is not passing user credentials properly to ISA - is IWSS capable of doing this? I have been told by Trendmicro that this should be working. They are currently investigating why it isn't, but I'm hoping that someone out there has gotten this to work and can pass along any gotchas encountered along the way. I've tried setting it up as described in the Trendmicro IWSS documentation, but still no luck.


Any thoughts or suggestions would be greatly appreciated.

Cheers,
John




Page: [1]