I have setup ISA 2000 Standard on my NT-Domain network. At the beginning of the implementation, I set it up with basicly no rules. The rules I did put, it's all allow all anywhere.
Site an content rules allow anyone to anywhere, same with my protocol rules. Everything is working 100% for everyone.
OK, time to add some rules so that only a chosen few can access the internet. Mind you, I have a mixed PC/Mac network. I created the rule and let only certain people out unlimited (via site and content rules) and another rule to allow everyone else to certain sites (fedex.com, etc). I set everyone's IE to the proxy server and everything worked peachy.
Now, my problem (Finally) .. All my other protocols has ceased to work. Noone can get out using anything except IE! FTP clients don't work, AIM chatting don't work, nothing except IE. It's resolving correctly, I can see that but the connection isn't happening.
I've tried messing a bit with IP packet filters but that's not happening (put everything back to default, in the end).
Help! Seems the only way out (to anything but IE) is to allow everyone and their mother full access to the Net.. A Big no-no
*Added: It'll work perfectly if I install the mspclnt on the workstations that I want out but that's not an option on a mac. And well, I don't want to go around installing that on every PC =).
Thanks for you help Dan
[ November 06, 2002, 04:07 PM: Message edited by: Dan ]
Make sure that you have unchecked the "Ask unauthenticated users for Identification" option. For Secure NAT you should disable above said option. First you try with this option. And let me know whether that can solve your problem or not.
You should be using client sets. Then create protocol rules that are control by the client sets. You should have no allow all rules. Lock them down to client sets. If you need an allow all rule, make sure that is setup with all the client sets you want to have full access. Then you have to setup the Site rules also.