| Author |
 Topic  |
|
|
Erfan
Welcome Newcomer
Saudi Arabia
6 Posts
Status: offline |
 Posted - 05/31/2011 : 01:31:01 AM
|
Hi Guys,
I am completely new to ISA. Just installed 2006 enterprise edition using one NIC. Defined the internal network. made a rule to allow all access in & out.
we are on 10.10.10.x network
ISP proxy - 212.93.193.x
ISA
ip - 10.10.10.13
gateway - 10.10.10.1
single rule currently in use:
Permission - allow
Protocol - all outbound traffic
From - all networks (and local host)
To - all networks (and local host)
i put the isa ip on user/client proxy settings but not working yet.
any ideas .... ?
|
|
|
Jazzy
Administrator
Netherlands
1949 Posts
Status: offline |
|
|
timberk
Major Contributor
USA
786 Posts
Status: offline |
|
|
Erfan
Welcome Newcomer
Saudi Arabia
6 Posts
Status: offline |
Posted - 06/01/2011 : 01:32:26 AM
|
quote:
Originally posted by Jazzy
So do you want to use ISA 2006 as a proxu server? Then you should configure a proxy rule al least, not an access rule.
yep ... i need to setup the ISA as the middleman between the LAN & ISP modem/router using a single NIC.
On the ISA i can browse Internet and all but when i set the ISA ip on users proxy, i get error 502.
where can i setup the proxy rule ?
thanks again.... |
 |
|
|
Erfan
Welcome Newcomer
Saudi Arabia
6 Posts
Status: offline |
Posted - 06/01/2011 : 03:05:19 AM
|
quote:
Originally posted by timberk
Off the top, I would suggest adding a second NIC to the machine. There are some definite limitations to using ISA 2006 with only one NIC:
http://support.microsoft.com/kb/838364/en-us
http://technet.microsoft.com/en-us/library/cc302586.aspx
~tb
Hello Timberk,
Thanks the links were useful and i changed my ISA config as follows:
single rule currently in use:
Permission - allow
Protocol - all outbound traffic
From - Internal, LocalHost
To - Internal
then i go set the ISA ip on users proxy and get this msg :
Technical Information (for support personnel)
Error Code: 502 Proxy Error. No such service is known. The service cannot be found in the specified name space. (10108)
IP Address: 10.10.10.13
Date: 6/1/2011 6:55:24 AM [GMT]
Server: MONITOR
Source: proxy |
|
|
|
Erfan
Welcome Newcomer
Saudi Arabia
6 Posts
Status: offline |
Posted - 06/04/2011 : 04:17:48 AM
|
Its working now:
Step 1 > Network Template = Single Adapter.
Step 2 > Define Internal Network.
Step 3 > On "Internal" network properties - Enable Web Proxy, enable HTTP ,
NO Authentication, uncheck 'Enable Firewall'.
-----Apply Changes-----
Step 4 > Create new rule under Firewall Policy
Allow
Protocol - All Outbound
From - Internal,Local Host
To - All Networks (Local Host)
-----Apply Changes-----
Now, on the users browser set the proxy to isa ip. |
|
|
|
Pieter
Old Timer
Belgium
526 Posts
Status: offline |
Posted - 06/06/2011 : 03:24:59 AM
|
Like timberk said, I also advice to use 2 NIC's in you ISA (or TMG server). If not, users can configure their PC to use the router/gateway that gives access to the Internet as their default gateway. And thus bypassing your ISA.
Use a setup like this
INTERNET -- (external IP) ROUTER (192.168.254.1) -- (192.168.254.10) ISA (10.10.10.1) --- LAN (10.10.10.x).
All your PC's in the LAN can have 10.10.10.1 as default gateway and -if you wish- 10.10.10.1 and port 8080 as proxyserver in IE.
Only the External NIC on the ISA may have a default gateway, and it should be the address of the router=192.168.254.1. See http://www.isaserver.org/tutorials/configuring_isa_server_interface_settings.html for all the details.
I guess you are aware of the 3 types of ISA clients :
1. SecureNAT = PC/devices which have the ISA as their default gateway
2. Web proxy = PC's/MAC's/PDA's/... with a browser that is configured to use ISA as the proxy server
3. Firewall client = PC's with windows and with the ISA Firewall Client installed on it. The ISA firewall Client software is not a firewall, it's a ISA agent! A piece of software that works with the ISA server.
On a Windows PC you can be combine these types, which results in 8 combinations.
See
http://www.linglom.com/2008/01/27/getting-started-with-microsoft-isa-server-2006-part-iv-configure-client-type/
http://technet.microsoft.com/en-us/library/bb794762.aspx
|
Pieter Demeulemeester |
|
|
|
Erfan
Welcome Newcomer
Saudi Arabia
6 Posts
Status: offline |
Posted - 06/07/2011 : 05:11:45 AM
|
| you are right Pieter ... users who knows the ISP proxy can still bypass |
|
|
|
maduwaye
Welcome Newcomer
Nigeria
2 Posts
Status: offline |
Posted - 06/07/2011 : 09:53:20 AM
|
Hi Guys,
I'm glad to jump into dis forum...My boss gave me a task dat has to do with ISA SERVER. He wants me to achieve mutual SSL authentication with ISA Server without prompting for user authorization.
Please, can dis be achieve, as I'm very new to ISA Server as well.
Any idea will go a long way...
Regards. |
|
|
| |
Topic |
|
ISA 2006 Ent with 1 NIC
