yorgy thx 4 ur help.actually i found out that problem really lies on SecureNAT. Because there are two windows appear on the browser to authendicate. one is secureNAT and one is proxy. if u authendicate proxy it works fine no more naging windows but u authendicate secureNAT u get multipal windows to reauthendicate.therefore i need to disable the secureNAT. How can i disable secureNAT.
From: Lebanese in Kuwait
How can i disable secureNAT.
SecureNet clients do not authenticate !
u can simple do not set the client as SecureNet by not setting the Default Gateway to point to ISA Server.
Check this for better understanding of ISA Server different Clients Type:
The SecureNET (SecureNAT) client : A SecureNET client is a machine configured with a default gateway address that allows Internet bound requests to pass through the ISA Firewall. If the SecureNET client is located on the same subnet of the ISA Firewall, then the default gateway address will be IP address of the ISA Firewall’s interface on the same network ID as the client. If the clients are on a remote subnet from the ISA Firewall, then the IP address will be a router interface address that will use route outbound requests through the ISA Firewall. While the “official” name in the ISA Firewall documentation is SecureNAT client, it is more accurately referred to as a SecureNET client because the Network Rule defining the connection between a source and destination network does not have to be a NAT relationship, it could be a Route relationship.
The Firewall Client : The Firewall client is a piece of software that must be installed on the client operating systems (the Firewall client should not be installed on server operating systems and never on the ISA Firewall itself). The Firewall client is a generic Winsock proxy client that intercepts Winsock application network calls and forwards them (remotes them) directly to the ISA Firewall. This enables the Firewall client to be transparent to the network routing infrastructure and does not depend on default gateway or route of last resort configuration on network routers. The only network infrastructure requirement is that the clients have a route to the IP address of the ISA Firewall closest to the client. The Firewall client also enables user authentication for access control and supports secondary connections for complex protocols when there is no Application Filter to provide that support. In contrast, SecureNET clients must have an Application Filter in place to support complex protocols that may require multiple primary and secondary connections.
The Web Proxy Client : The Web proxy client is a machine that has its browser configured to use the ISA Firewall as its Web proxy device. Browser configuration can be done manually, or can be automated using the WPAD protocol and WPAD entries in DHCP and/or DNS. The Web proxy client configuration supports only HTTP, HTTPS, and HTTP tunneled FTP requests and does not support FTP upload, only FTP download. Web proxy clients can authenticate with the ISA Firewall, in contrast to SecureNET clients, which cannot authenticate with the ISA Firewall.
i didn't catch anything from ur post.nevertheless thx 4 ur help Tarek. actually my problem is when client aceess the internet ISA allow two different connections. that ias SecureNAT and web proxy. another word for a one user there is SecureNAT connection and web proxy connection. my problem is that i need to disable the SecureNAT client connection. i tried everything but i did not manage to do so. my web proxy use basic authendication.is there problem if i use this basic authendication.please someone tell how to disable SecureNAT step by step.
As Tarek said SecureNAT can not be disabled. A client is using SecureNAT when it is using the IP address of the ISA Server as a gateway address. Using the ISA Firewall client might fix your issue (Windows only).