• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Configure ISA Server 2006 with proxy with block sites

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> Installation and Planning >> Configure ISA Server 2006 with proxy with block sites Page: [1]
Login
Message << Older Topic   Newer Topic >>
Configure ISA Server 2006 with proxy with block sites - 9.Apr.2008 10:37:50 AM   
lmenaria

 

Posts: 9
Joined: 9.Apr.2008
Status: offline
    Hello,

I have downloaded the EVAL version of ISA Server 2006 and now want to configure with proxy with some block sites.

My machine Configuration : Windows Server 2003 R2 with 2-NIC.  and My IP is 192.168.0.99, 192.168.0.98.

192.168.0.98 is connected to RV042 (192.168.0.100 with DHCP enabled)  router for net. All user in our LAN are connected through 192.168.0.100.

Now I want to configure My machine as server and all others clients, Client will permitted to use selected sites only.

I have tried to install ISA 2006 with default configuration, but while accessing any web page get "Error Code: 403 Forbidden. The ISA Server denied the specified Uniform Resource Locator (URL). (12202)" error,

Have tried after stop "Microsoft Firewall" service, net working fine. So now I am not sure that, this is working fine, I think "Microsoft Firewall" service is running with ISa services.

Can any one shows me how can I configure it with my network.

Thanks in advance,
Laxmilal
Post #: 1
RE: Configure ISA Server 2006 with proxy with block sites - 10.Apr.2008 6:55:15 AM   
matt.jones

 

Posts: 72
Joined: 16.Aug.2007
From: Poznan, Poland
Status: offline
Hi,

Am I right in saying that the two NICs are configured with addresses on the same subnet, 192.168.0.99 and 192.168.0.98?

_____________________________

Matthew Jones
MCSA/MCSE:M+S/VCP/CCA/CCNA

(in reply to lmenaria)
Post #: 2
RE: Configure ISA Server 2006 with proxy with block sites - 10.Apr.2008 9:40:36 AM   
lmenaria

 

Posts: 9
Joined: 9.Apr.2008
Status: offline
Yes,  in same range.

Can you tell me what can I do ?,  or send me configuration steps.

My Issue is : How to check NTLM authentication with my application(.NET Application)

(in reply to matt.jones)
Post #: 3
RE: Configure ISA Server 2006 with proxy with block sites - 10.Apr.2008 10:10:53 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:

My machine Configuration : Windows Server 2003 R2 with 2-NIC.  and My IP is 192.168.0.99, 192.168.0.98.

192.168.0.98 is connected to RV042 (192.168.0.100 with DHCP enabled)  router for net. All user in our LAN are connected through 192.168.0.100.


Each NIC should be on a different subnet !!!

read this article : http://www.isaserver.org/tutorials/Configuring_ISA_Server_Interface_Settings.html

HTH,
Tarek

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to lmenaria)
Post #: 4
RE: Configure ISA Server 2006 with proxy with block sites - 10.Apr.2008 10:24:43 AM   
lmenaria

 

Posts: 9
Joined: 9.Apr.2008
Status: offline
Have updated the range:

Ethernet adapter External LAN:

  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
  DHCP Enabled. . . . . . . . . . . : No
  IP Address. . . . . . . . . . . . : 192.168.1.101
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : 192.168.1.100
  DNS Servers . . . . . . . . . . . : 218.248.240.79
                                      218.248.240.141

Ethernet adapter Internal LAN:

  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Intel(R) PRO/1000 PM Network Connection
  DHCP Enabled. . . . . . . . . . . : No
  IP Address. . . . . . . . . . . . : 192.168.0.98
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . :
  DNS Servers . . . . . . . . . . . : 192.168.1.98

is it okay ?

(in reply to elmajdal)
Post #: 5
RE: Configure ISA Server 2006 with proxy with block sites - 10.Apr.2008 10:25:22 AM   
lmenaria

 

Posts: 9
Joined: 9.Apr.2008
Status: offline
Have updated the range:

Ethernet adapter External LAN:

  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
  DHCP Enabled. . . . . . . . . . . : No
  IP Address. . . . . . . . . . . . : 192.168.1.101
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : 192.168.1.100
  DNS Servers . . . . . . . . . . . : 218.248.240.79
                                      218.248.240.141

Ethernet adapter Internal LAN:

  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Intel(R) PRO/1000 PM Network Connection
  DHCP Enabled. . . . . . . . . . . : No
  IP Address. . . . . . . . . . . . : 192.168.0.98
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . :
  DNS Servers . . . . . . . . . . . : 192.168.1.98

is it okay ?

(in reply to elmajdal)
Post #: 6
RE: Configure ISA Server 2006 with proxy with block sites - 10.Apr.2008 11:44:57 AM   
matt.jones

 

Posts: 72
Joined: 16.Aug.2007
From: Poznan, Poland
Status: offline
Good to see you've reconfigured the NICs on different subnets.

Do you have a DNS server on the subnet that the internal NIC of the ISA Server is connected to?

If so, you need to remove the DNS servers on the external NIC, otherwise you'll have issues! You should only place DNS server addresses on the internal NIC of the ISA Server. That means, even if you didn't have an internal DNS server, you should add the external DNS server addresses to the internal NIC instead of the external NIC. Also, make sure that you disable NETBIOS, file and printer sharing and DNS registration on the external NIC.

Anything else just let me know.

(in reply to lmenaria)
Post #: 7
RE: Configure ISA Server 2006 with proxy with block sites - 11.Apr.2008 1:15:51 AM   
lmenaria

 

Posts: 9
Joined: 9.Apr.2008
Status: offline
Ok, have updated it..

Now have created a Access rule in firewall policy for access net on my PC as well as on client computer. have used the following steps. but while browsing I got 403 error..
"Error Code: 403 Forbidden. The ISA Server denied the specified Uniform Resource Locator (URL). (12202)" error",

Steps:
In the ISA firewall console, expand the server name and then click the Firewall Policy node. Click the Tasks tab in the Task Pane and click the Create New Access Rule link.
On the Welcome to the New Access Rule Wizard page, enter Web Protocols to Internet and click Next.
Select the Allow option on the Rule Action page and click Next.
On the Protocols page, select the Selected protocols option from the This rule applies to list and then click the Add button.
In the Add Protocols dialog box, click the Web folder and then double click on the FTP, HTTP and HTTPS protocols and then click Close
Click Next on the Protocols page.
On the Access Rule Sources page, click the Add button.
In the Add Network Entities dialog box, click the Networks folder and then double click on the Internal network. Click Close
Click Next on the Access Rule Sources page.
On the Access Rule Destinations page, click Add.
In the Add Network Entities dialog box, click the Networks folder and then double click External. Click Close. Click Next on the Access Rule Destinations page.
On the User Sets page, click the All Users entry and click Remove. We donít want to allow anonymous connections to the Internet through the ISA firewall, so we must remove the All Users entry. Click the Add button.
In the Add Users dialog box, double click the All Authenticated Users entry and click Close. Click Next on the User Sets page
Click Finish on the Completing the New Access Rule Wizard page

So is any other configuration for that

Thanks in advance
Laxmilal

(in reply to matt.jones)
Post #: 8
RE: Configure ISA Server 2006 with proxy with block sites - 11.Apr.2008 4:15:47 PM   
matt.jones

 

Posts: 72
Joined: 16.Aug.2007
From: Poznan, Poland
Status: offline
Ammend the rule by removing the Authenticated Users group and add the All Users group as you had orignially and then try again. I understand that you don't want to allow annonymous access - this is just for troubleshooting.

Let me know what happens.

(in reply to lmenaria)
Post #: 9
RE: Configure ISA Server 2006 with proxy with block sites - 12.Apr.2008 4:07:52 AM   
lmenaria

 

Posts: 9
Joined: 9.Apr.2008
Status: offline
I have updated to "All users", but same issue

Thanks

(in reply to lmenaria)
Post #: 10
RE: Configure ISA Server 2006 with proxy with block sites - 12.Apr.2008 6:49:01 AM   
matt.jones

 

Posts: 72
Joined: 16.Aug.2007
From: Poznan, Poland
Status: offline
Ok, here's the steps that you should carry out to get outbound access. For now we won't configure authentication and we won't specify certain protocols.

  1. Configure Networks - Add the internal address ranges to the Internal ISA Network named 'Internal'.
  2. Configure the Internal Network properties. Ensure that Web Proxy clients and Firewall clients are enabled, and configure the authentication settings correctly. NOTE: Don't select the option to require all users to authenticate within the Authentication settings found in the Web Proxy tab. Just tick Integrated and Basic.
  3. Configure Network Rules - By default, a rule exists called 'Internet Access'. This rule should list the Internal Network as one of the source networks and the external network as the destination. Depending on the network template you're using, the relationship can be either NAT or Route. Ensure that the correct relationship is set up depending on your configuration.
  4. Configure an access rule, that allows all Outbound Traffic, from the Internal Network to the External Network and for All Users.

See how you get on and if we have any joy, we can start tightening things up.

Oh, one more question.....where is your internal DNS server located? Is it on the external network or the internal network?

(in reply to lmenaria)
Post #: 11
RE: Configure ISA Server 2006 with proxy with block sites - 19.Apr.2008 3:06:13 AM   
lmenaria

 

Posts: 9
Joined: 9.Apr.2008
Status: offline
Ok..Thanks.

Have tried and updated the Rule from Internal to Localhost and Localhost to External, now Net is working fine on Server as well as client..

Now I want to use remote SQL Server and MYSQL with on Machine, so what are the rules for that ?

Thanks in advance,
Laxmilal

(in reply to lmenaria)
Post #: 12
RE: Configure ISA Server 2006 with proxy with block sites - 19.Apr.2008 7:14:44 AM   
remdotc

 

Posts: 42
Joined: 18.Feb.2005
From: Detroit, USA
Status: offline
Create Rules to allow;
Mysql default port is 3306
MS SQL is 1433

(in reply to lmenaria)
Post #: 13
RE: Configure ISA Server 2006 with proxy with block sites - 8.Apr.2009 6:56:50 PM   
kevintang

 

Posts: 1
Joined: 8.Apr.2009
Status: offline
quote:

ORIGINAL: lmenaria

Have tried and updated the Rule from Internal to Localhost and Localhost to External, now Net is working fine on Server as well as client..



I've searched for the solution for 12202 error for a while, both on isaserver.org or google, and it've been driving me crazy. Thanks so much!

(in reply to lmenaria)
Post #: 14

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> Installation and Planning >> Configure ISA Server 2006 with proxy with block sites Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts