[isalist] Re: No proxy,

From: "Ruba Al-Omari" <romari@xxxxxxxxx>
To: isalist@xxxxxxxxxxxxx
Date: Fri, 18 Jan 2008 00:38:26 +0300
 My clean access server knows about the ISA and so do my clients, they can
access the internet, but they have to go to the options in IE and write down
the proxy and port then they are connected.
Once my clients are on the green vlan my real DHCP gives their IPs, in which
case I use group policy to direct them to the correct ISA.
I can't allow my real DHCP to assign IPs to these clients as they are not
allowed to access the network till they are clean :)

The magic solution am seeking here is to allow my red vlan users who are
getting their DHCP from the wireless controller which can't have the ISA as
their default GW to reach the internet without having them configuring their
proxies, and since there is no magic solution then I can see now that it
can't be done, I really just thought you guys know something that I don't
(which is the magic solution am seeking), especially you Thor, you are the
hammer of god, you must know something that we all don't, or else how did
you get in such a senior position up there? :)

I know as a man its hard for you to say "I don't know" but I discovered now
that you can't say "it can't be done " too :) because saying "it can't be
done" might implicitly mean that there might be something that you don't
know :)

anyways I guess they will have to live with it, after all configuring a
proxy takes less then a minute.



Thanks,
Ruba

------------------------------
*From:* isalist-bounce@xxxxxxxxxxxxx on behalf of Steve Moffat
*Sent:* Thu 1/17/2008 11:40 PM
*To:* ISA Mailing List
*Subject:* [isalist] Re: No proxy,

 You're my hero….NOT!!



*From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] *On
Behalf Of *Thor (Hammer of God)
*Sent:* Thursday, January 17, 2008 4:31 PM
*To:* ISA Mailing List
*Subject:* [isalist] Re: No proxy,



Yeah - not sure what "magic" solution is being sought here...



Either point the clients to the ISA as SNAT clients or configure the clients
via DNS, etc...  If the problem is that they get their config from the
wireless device, then don't do that... Turn off DHCP on that guy and set up
your own DHCP server on that segment or set up a DHCP relay...  Easy
'nuff....



t



*From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] *On
Behalf Of *Steve Moffat
*Sent:* Thursday, January 17, 2008 11:37 AM
*To:* ISA Mailing List
*Subject:* [isalist] Re: No proxy,



Well, you will have to find a way. Your clean access network still needs a
route to your Internet Gateway. If it doesn't know about it, then neither
will your wireless clients and they will never get out to the internet.



This isn't an ISA issue, it's a networking issue.



S



*From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] *On
Behalf Of *Ruba Al-Omari
*Sent:* Thursday, January 17, 2008 5:24 AM
*To:* ISA Mailing List
*Subject:* [isalist] Re: No proxy,



I can't do that, I need the gateway to be the network clean access server,
which asses the users laptops when they need to connect to the network
resources.

Thanks,
Ruba


 ------------------------------

*From:* isalist-bounce@xxxxxxxxxxxxx on behalf of Steve Moffat
*Sent:* Thu 1/17/2008 1:39 AM
*To:* ISA Mailing List
*Subject:* [isalist] Re: No proxy,

The gateway for the wireless controller needs to be the ISA's IP address.



S



*From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] *On
Behalf Of *Ruba Al-Omari
*Sent:* Wednesday, January 16, 2008 6:16 PM
*To:* ISA Mailing List
*Subject:* [isalist] Re: No proxy,



Thank you steve,
The clients don't get the IPs from my Windows DHCP server, they get it from
the wireless controller, in my case I have a red vlan where users are
allowed only to access the internet with a rule that takes them to the proxy
without having to be compliant, if they need to access other network
resources then they are redirected to the remedy server and checked for
compliance and then issued an IP from my real DHCP, but in this case where I
don't want them to have to put the proxy they only need to access the
internet and do not have access to my network.

the wireless controllers DHCP options are very limited,  but is there a
workaround this?


 ------------------------------

*From:* isalist-bounce@xxxxxxxxxxxxx on behalf of Steve Moffat
*Sent:* Tue 1/8/2008 11:30 PM
*To:* ISA Mailing List
*Subject:* [isalist] Re: No proxy,

Indeed, is your DHCP server not supplying the gateway address??



Use the ISA auto configuration in DNS



S



*From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] *On
Behalf Of *Ruba Al-Omari
*Sent:* Tuesday, January 08, 2008 4:23 PM
*To:* ISA Mailing List
*Subject:* [isalist] No proxy,



Hi,



Is there a way to let my users browse the internet without having them put
the ISA server's IP in their internet explorer? and without having to
install a firewall client.

The case is I have wireless network, and I like the users to start browsing
once they are connected (after authentication), however these users laptops
are their own, so they are not part of my domain and I have no control over
them with the group policy, if they put the proxy IP manually in their IE
every thing works fine, but I want them not to have to do that, any advice?



Thanks,


-- 
Ruba Al-Omari


-- 
Ruba Al-Omari
Follow-Ups:
- [isalist] Re: No proxy,
  - From: Thor (Hammer of God)
[isalist] Re: No proxy,

Other related posts:
