We haven't deployed ISA in our organisation before - previously we've used Squid. We have a situation now, however, where we need to use a Windows-based app with AD integration. The requirement is for a proxy with cache on a transparent bridge. My question is whether or not ISA 2006 will intercept HTTP traffic and route it through its proxy and cache over two bridged NICs.
Overview of situation: We are a part of a larger global company WAN and just have a requirement for AD auth. and HTTP cache for our part of the network, and have no need for firewalling. The plan is ISA on a Win2k3 machine with the OS bridging the two NICs, with ALL traffic passing through this box but with all HTTP traffic routed through the proxy cache. Both sides of the bridge are in the same IP address range, and the bridge is the only joining point to the rest of the global network.
Will ISA allow this config? If so, how do we go about it? At the moment we seem to have no luck in figuring it out!
Are you just wanting to use ISA as a proxy server to route all of your internet access through while authenticating the users with AD?
I'm not sure about 2006 yet as I haven't started messing with it, but in previous versions you wouldn't need to bridge. In fact, in a multi-NIC configuration you would not be able to have both sides on the same segment.
There is, however, a single-NIC mode which is used for ISA in a proxy/cache-only mode. Keep in mind that doing this would probably only allow you to proxy outbound traffic and not things like OWA coming in, but it's an option if I'm understanding your question correctly.
Not sure if they fixed it in 2006 or not, but I did have some issues with doing transparent authentication in 2004. If a machine that attempted to use the proxy server was not a part of my AD domain, it would just deny them since the rules say to deny them. Basically, my setup allows certain AD groups of users to use the internet. MS supplied me with a VB script that solved that issue. Now the only issue I'm left with is that non-domain users/machines have to put their credentials in as domainname/username.