I have a SSL secured web site behind ISA 2004 using RADIUS/IAS for authentication. the site is accessed by 80% external users and 20% internal. I have been trying to get the internal users to be able to authenticate automatically without success.
Anyone have any ideas? (I have tried adding the site to both the trusted and intranet site but this has not worked)
Any help would be greatly appreciated.
< Message edited by bobbba -- 14.Aug.2006 5:08:49 PM >
I take it the auto config script is for the ISA clients? My clients are not using ISA as web proxy, they access a 3rd party proxy (provided on our LAN by our ISP) that directs them to our Cisco firewall that directs them to our ISA servers.
The setup works if I direct IE directly to the IIS site. It's just when they go through ISA(and IAS/RADIUS) that internet explorer does not seem to pass the credentials (even when the site is added to IE's trusted or intranet sites)
The only thing I can think of is that ISA in combination with IAS requires that the user enters credentials regardless of what is configured in IE. This would seem to only leave me with trying to devise a solution where internal users don't go through ISA or they have an alternate rule/listener with lower authentication level.
Just curious why you think that from the security pov, it's a nasty setup? Any advice would be appreciated as I'm finding it difficult to implement seamless access for internal users and secure access for external users at the same time. Any best practice ideas?
Thanks for the confirm on radius, I'm planning on directing internal users via internal dns to a separate IP and isa rule without isa auth to allow transparent auth.