• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Access Internet Level - Authentication

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Web Proxy] >> Web Proxy Client >> Access Internet Level - Authentication Page: [1]
Login
Message << Older Topic   Newer Topic >>
Access Internet Level - Authentication - 31.Mar.2009 3:29:25 AM   
madmonkey

 

Posts: 14
Joined: 3.Mar.2009
Status: offline

As the layout, I need to create 2 rules for users to access Internet:
- Rule 1: users or computers which are not member domain controller can access to internet.

- Rule 2: users which are member of domain controller can access internet.

After configuring, when users or computer are not member domain controller access to internet it popups a window to require username and password to connect. How can I do to configure ISA solve this issue, it means when users or computers which are not menber of domain want to connect to internet it's not require username and password.
Thanks,
Post #: 1
RE: Access Internet Level - Authentication - 7.May2009 2:06:45 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
There is no way to identify whether a machine is a Domain Member or not to the ISA.  So you will have to identify them by IP#, IP Range, or IP Subnet.  Assuming your LAN infrastructure accomidates that, get that done first.

Then you need three Rules,..they need to appear in the Rule list in exactly this order.

1. Allow the non-Domain IP Range to do whatever you want them to do.  Must be Anonymous (All Users).

2. Deny all hosts on the non-Domain IP Range to everything (any protocol). Must be anonymous (all Users)

3. Allow the Domain IP Range to do what you want them to do.  Add any other "Domain" Rules below this one.

The purpose of Rule #2 is to "trap" any non-Domain Host that don't match any of the Rules meant for them so they do not hit any of the Domain Rule and get the "prompt".  Because it is a Deny Rule you can optionally use a Custom "redirect page".



_____________________________

Phillip Windell

(in reply to madmonkey)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Web Proxy] >> Web Proxy Client >> Access Internet Level - Authentication Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts