Webchain to Squid proxy (Full Version)

All Forums >> [ISA Server 2004 Cache] >> General


superprutser -> Webchain to Squid proxy (15.Jul.2005 4:49:00 PM)

I've just replaced our old Squid proxy box with an new ISA2k4 box. Previously we used squid to connect to a parrent squid proxy (no authentication) for sites in certain domains (parent company intranet).

To achieve the same in ISA2K4 I've created the outbound rule to allow traffic to the Parent squid proxy. I also created the domain name set and created a Webchaining rule to use the parent squid proxy.

It al seems to work, internet sites are accessible via the local ISP connection and the intranet sites get directed to the parent squid cache.

The issue that I have is that ISA2K4 tries to authenticate to the parent Squid cache. This causes a 20 seconds delay when connecting to the intranet for the first time. Is there a way to dissable authentication to the upstream cache server or to reduce the time out?

ClintD -> RE: Webchain to Squid proxy (19.Jul.2005 11:58:00 AM)

Unless you've changed the default settings for the rule, ISA should be making anonymous requests first.

In the Web Chaing rule under Action\Settings <both of them>, there is an option to "Use this account" - is this enabled and populated?

superprutser -> RE: Webchain to Squid proxy (19.Jul.2005 3:22:00 PM)

Here is what I did:

Add IP addresses of the upstream squid proxy to the internal network.
Add static routes to the proxies via the internal Nic.
Create rule to allow outbound port 8080 from localhost to the upstream proxy.
Create domain name sets which need to be forwarded to the upstream proxies.
Created a webchain which forwards the domain name set to the primary proxy and if that's unavailable to the secondary proxy.
I didn't configure authentication, the box is unticked and no account is set.

With this in place the upstream does work, but before it works it tries to authenticate the with CIFS and Netbios, it does that for the primary proxy and the secondary which causes a 20 second delay. When it figures out is doesn't need to authenticate and traffic flows as it should.

Page: [1]