• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Integrated auth across multiple firewall policies

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Cache] >> General >> Integrated auth across multiple firewall policies Page: [1]
Login
Message << Older Topic   Newer Topic >>
Integrated auth across multiple firewall policies - 26.Aug.2005 3:00:00 PM   
disco_the_server

 

Posts: 2
Joined: 26.Aug.2005
Status: offline
I have an ISA 2004 Server SP1 running on W2K Server. The server has a single NIC, as I am using it solely as a SSL Bridge to several internal web resources. The remote web clients connect to the ISA Server with SSL, and then ISA Server sends the unencrypted packets along to internal servers that are not using SSL.

I have two firewall policies that listen on different ports using different domain names (one is for email, the other is for file access). I have then both setup using integrated authorization with specific User sets. Everything works normally - users inside the LAN can access both services without being prompted for a login (they are already logged into the domain on their workstations) and users accessing remotely are prompted for login info.

What I would like to do is have the integrated login information work across both policies. So, for instance, a remote user wants to check their email and after logging in at the prompt they get to the Exchange server via firewall policy 1. Now they are done and want to access some web-served files via firewall policy 2. They type in the address and would go straight to the web server, since they have already authenticated against the ISA server when they used firewall policy 1.

Does this sound like something that is possible?
Post #: 1
RE: Integrated auth across multiple firewall policies - 1.Sep.2005 9:32:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Moving to Web proxy section.

Tom

(in reply to disco_the_server)
Post #: 2
RE: Integrated auth across multiple firewall policies - 1.Sep.2005 9:41:00 AM   
ClintD

 

Posts: 1848
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
This is a browser issue and not ISA. In your example, Internet Explorer uses a TCP connection for the OWA site and after completing the auth process, that port is authenticated.

When the user goes to the web site, IE uses a new port and must authenticate the port again - IE's behavior is to prompt the user for authentication - the only way you can control this is to add that URL into a different zone and have IE auto-supply credentials. This doesn't scale very well of course.

(in reply to disco_the_server)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Cache] >> General >> Integrated auth across multiple firewall policies Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts