No Active Directory Authentication - even when ISA Server is stopped



antandrades -> No Active Directory Authentication - even when ISA Server is stopped (15.Sep.2008 7:48:38 AM)

Hi all,

We have an ISA 2006 instance that we've put in a DMZ with the NOKIA firewall also performing NAT from the LAN to the DMZ. So the ISA has a class A IP NATted to class C by the firewall.

The server is a 2003 ENT SP2 (although I've uninstalled SP2).
Rules on the NOKIA firewall allow traffic out to a domain controller over the correct ports (53, 88, 389, 1026, 3268, 135) and also 3389 for RDP.
The server is an HP DL380 G4.

When the machine is on the LAN, I can log onto it using my domain credentials within seconds.
However, when the machine is back in the DMZ, it can take up to 40 minutes for the machine to authenticate me, or it just returns to the MSGINA asking me for my credentials.

Anyone any ideas how I can fix this?

Thanks,
Anthony




tshinder -> RE: No Active Directory Authentication - even when ISA Server is stopped (15.Sep.2008 8:30:47 AM)

You must have a route relationship between source and destination network for intradomain communications. If there is NAT anywhere in the path, it won't work because of Kerberos not supporting NAT.

HTH,
Tom




antandrades -> RE: No Active Directory Authentication - even when ISA Server is stopped (15.Sep.2008 8:33:15 AM)

Hi Tom,

Where do I go to implement that in ISA 2006?

Thanks




elmajdal -> RE: No Active Directory Authentication - even when ISA Server is stopped (15.Sep.2008 8:51:25 AM)

Hi,

Check Tom's article here: http://www.isaserver.org/articles/2004perimeterdomain.html

HTH,
Tarek



