Using proxy interface on the opposite side (Full Version)

apagliara -> Using proxy interface on the opposite side (1.Jul.2008 9:30:55 AM)

Hi everybody,

I have the following situation:

[LAN]------[ISA-Proxy]------[PIX]-----[INTERNET]-----[Cisco VPN Users]

The goal I must achieve is to make the [Cisco VPN users] connecting through the Cisco client browse the internet using the Web Proxy on the ISA Server.

At the moment, when a [Cisco VPN user] tries to browse the internet using the LAN-side interface as the proxy, I can see in the ISA monitoring that an HTTP Proxy connection is established successfully (Initiated Connection), but after a few seconds it is dropped (Closed connection); the browser shows a message saying that the page cannot be opened.

If I enable the Web Proxy on the PIX-side interface and set the web browser of the [VPN user] to use the IP address of this interface (PIX-side) as a proxy, everything works fine.
At this point my problem is that the users' browsers are set to use the ISA host name, which resolves to the IP address of the LAN-side interface.

The problem could be solved either by making the connection on the LAN-side work for [VPN users] or by making the host name of the ISA-Proxy resolve to the IP address of the PIX-side interface just for [VPN Users].

Of course I cannot ask users to modify settings when they are connected to the LAN or through the VPN.

Any ideas?
Thanks in advance




paulo.oliveira -> RE: Using proxy interface on the opposite side (1.Jul.2008 5:32:08 PM)

Hi,

Is the network of your VPN clients the same as the LAN network? If not, maybe it is some route problem.

Regards,
Paulo Oliveira.




apagliara -> RE: Using proxy interface on the opposite side (1.Jul.2008 5:44:08 PM)

VPN users are not in the same network as LAN users; anyway, VPN users can reach IP addresses on the LAN and can even telnet to port 8080 (web proxy port) of the network interface on the LAN-side.




paulo.oliveira -> RE: Using proxy interface on the opposite side (1.Jul.2008 6:03:40 PM)

Hi,

OK, but you have a back-to-back configuration. Is ISA allowing communication from this VPN network to the PIX firewall? Better, is ISA aware of this network as a VPN network or some other Network object? Because the way out of your network is through the PIX anyway.
They will pass through both firewalls instead of just one (PIX).

Regards,
Paulo Oliveira.




apagliara -> RE: Using proxy interface on the opposite side (2.Jul.2008 4:55:31 AM)

Thanks for your answer,
 
quote:

ORIGINAL: paulo.oliveira
OK, but you have a back-to-back configuration is ISA allowing communication from this VPN network to PIX firewall?

Yes, it is, VPN clients can reach ip addresses on the [LAN], can telnet port 8080 of the Proxy interface on the LAN-side and I don't see anything blocked in the monitoring logs. Browsing works if I set the browser to use the Proxy service enabled on the PIX-side.

quote:

ORIGINAL: paulo.oliveira

Better, is ISA aware of this network as a VPN network or some other Network object?

The VPN Users are placed in a network defined in ISA as an Enterprise Network.

Thanks



