[isalist] Re: VPN users and proxy
- From: Jim Harrison <Jim@xxxxxxxxxxxx>
- To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 15 Nov 2007 06:25:24 -0800
It's true that CMAK won't configure the FWC directly, but it can run scripts
(hint).
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Thomas W Shinder
Sent: Thursday, November 15, 2007 6:18 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: VPN users and proxy
:) OK, that's better.
Yes, you can configure the VPN clients to use both the Firewall client and the
Web Proxy client configuration and configure those clients to use an ISA
Firewall that's not the one that they're connected to. You can even have the
VPN clients take advantage of your internal WPAD entries when they connect to
the VPN server and contact the internal DNS server.
However, its not quite that easy. The reason for that is that autoconfig will
configure the LAN connection's Web proxy config, and you need to configure the
VPN client connection to use the Web proxy configuration. Like Jim mentioned,
the easiest way to do this is using the CMAK, unless you want your users to
configure this manually. The CMAK won't configure the Firewall client, but WPAD
will do that when the VPN client connects to the network.
HTH,
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org<http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR
Sent: Thursday, November 15, 2007 4:58 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: VPN users and proxy
Did I say ISA client again?
I need to add some kind of rule on my outlook.
Of course I was talking about the firewall client, what else? ;-)
--------------------------
Sent from my BlackBerry Wireless Device
----- Original Message -----
From: isalist-bounce@xxxxxxxxxxxxx <isalist-bounce@xxxxxxxxxxxxx>
To: isalist@xxxxxxxxxxxxx <isalist@xxxxxxxxxxxxx>
Sent: Wed Nov 14 20:14:13 2007
Subject: [isalist] Re: VPN users and proxy
I have an answer, but you have to call the FIREWALL client by it's correct name
;)
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- Microsoft Firewalls (ISA)
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of D PIETRUSZKA USWRN INTERLINK
INFRA ASST MGR
Sent: Wednesday, November 14, 2007 2:59 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] VPN users and proxy
I have 1 ISA 2004 EE configured as a proxy/firewall for internal users
and is also acting as a VPN server (1 IP there is configured to accept VPN
connections).
Since for the VPN users the ISA itself is the gateway (when they are
connected), they are going to internet trough that same ISA server.
There is any way to force those VPN clients to use another internal ISA
server (ISA 2006 EE) as a proxy? For sure doesn't work simply specifying the
name of that other ISA server on the IE or proxy client, because I already
tried.
Both ISA servers are on the same subnet (the VPN server and the one I
want them to use as proxy).
Thanks
Regards
Diego R. Pietruszka
MSC (USA) - Interlink Transport Technologies
Other related posts:
