RE: Allowing access based on IP address

• From: "Brian Miyata" <bmiyata@xxxxxxxxxxxxxxxxx>
• To: isalist@xxxxxxxxxxxxx
• Date: Wed, 5 Feb 2003 10:04:02 -0700

It looks like it's working properly now.  When to the changes take effect?
 I had stopped and restarted the services after every change I made. 
Maybe I didn't wait long enough for the changes to take effect.  I will
continue to test but my theory is that I had it configured to "Ask
unauthenticated..." and allowed my IP address out but didn't signon to the
domain which denied my access to the Internet.  I then unchecked "Ask
unauthenticated..." but left my IP address access and was able to get out
to the Internet even if I didn't signon to the domain.  I then restricted
access to my IP address but was still able to get access to the
Internet...If I restart the services a couple of times and wait a couple
of minutes, then I don't have access.  Thanks for everyones help, Brian


> Hi Brian,
> 
> Make sure you're using either the Web Proxy or Firewall client, and keep
> in mind that if the HTTP Redirector passes the request to the Web Proxy
> service, it will be passed as an anonymous request.
> 
> HTH,
> Tom=20
> 
> Thomas W Shinder
> www.isaserver.org/shinder=20
> ISA Server and Beyond: http://tinyurl.com/1jq1
> Configuring ISA Server: http://tinyurl.com/1llp=20
> 
> 
> -----Original Message-----
> From: Brian Miyata [mailto:bmiyata@xxxxxxxxxxxxxxxxx]=20
> Sent: Tuesday, February 04, 2003 11:02 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Allowing access based on IP address
> 
> 
> http://www.ISAserver.org
> 
> 
> This goes back to my original message...The only rules I have say that
> you
> need to be part of a global group to have access but when I uncheck the
> "Ask unauthenticated users for identification" everyone goes out
> anonymously whether they authenticate to the domain or not....I'll
> continue to explore and test that options....Thanks, Brian
> 
> > Hi Brian,
> >=20
> > The user needs an account if you want to force authentication at the
> > listener. I don't use that option, because if you configure all site
> and
> > content rules to require authorization of some kind, then you don't
> need
> > it.
> >=20
> > HTH,
> > Tom
> >=20
> > Thomas W Shinder
> > www.isaserver.org/shinder=3D20
> > ISA Server and Beyond: http://tinyurl.com/1jq1
> > Configuring ISA Server: http://tinyurl.com/1llp=3D20
> >=20
> >=20
> > -----Original Message-----
> > From: Brian Miyata [mailto:bmiyata@xxxxxxxxxxxxxxxxx]=3D20
> > Sent: Monday, February 03, 2003 5:03 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Allowing access based on IP address
> >=20
> >=20
> > http://www.ISAserver.org
> >=20
> >=20
> > I guess based on the responses I got so far, there is no way for me to
> > accomplish what I want to do.  Since the ISA server is part of my
> domain
> > and "Ask unauthenticated users for identification" is enabled, users
> > have
> > to sign on to the domain to get access to the Internet.  That means if
> > we
> > have an auditor come in who needs access to the Internet (but not our
> > network), I cannot just let them out by IP address...I need to create
> a
> > domain account for them and grant that account access to the
> > Internet...Please correct me if I am wrong...Thanks, Brian
> >=20
> > > Authentication is determined by the use of users/groups in the
> > "applies to"
> > > tab.
> > >=3D20
> > >  Jim Harrison
> > >  MCP(NT4, W2K), A+, Network+, PCG
> > >  http://www.microsoft.com/isaserver
> > >  http://isaserver.org/Jim_Harrison
> > >  http://isatools.org
> > >=3D20
> > >  Read the help, books and articles!
> > > ----- Original Message -----
> > > From: "Brian Miyata" <bmiyata@xxxxxxxxxxxxxxxxx>
> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > Sent: Monday, February 03, 2003 09:32
> > > Subject: [isalist] RE: Allowing access based on IP address
> > >=3D20
> > >=3D20
> > > http://www.ISAserver.org
> > >=3D20
> > >=3D20
> > > Where is this option to Require Authentication on Site and Content
> > Rules?
> > > I know on the Outgoing Web Requests there is an option to require
> > > authentication.  On the Site and Content rules all I am able to do
> is:
> > > General =3D3D> Create Name
> > > Destinations =3D3D> All Destinations
> > > Schedule =3D3D> Always
> > > Action =3D3D> Allowed
> > > Applies To =3D3D> Client address sets specified below
> > >    Client Address Set =3D3D> xxx.xxx.xxx.xxx
> > > HTTP Content =3D3D> All Content Groups
> > >=3D20
> > > Thanks, Brian
> > >=3D20
> > > ------------------------------------------------------
> > > List Archives: =
> http://www.webelists.com/cgi/lyris.pl?enter=3D3Disalist
> > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=3D3DFAQ
> > > ------------------------------------------------------
> > > Exchange Server Resource Site: http://www.msexchange.org/
> > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion List
> as:
> > > jim@xxxxxxxxxxxx
> > > To unsubscribe send a blank email to
> > $subst('Email.Unsub')
> >=20
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3D3Disalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: =
> http://www.isaserver.org/pages/larticle.asp?type=3D3DFAQ
> > ------------------------------------------------------
> > Exchange Server Resource Site: http://www.msexchange.org/
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List as:
> > tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe send a blank email to
> $subst('Email.Unsub')
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=3DFAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Allowing access based on IP address
• » RE: Allowing access based on IP address
• » RE: Allowing access based on IP address
• » RE: Allowing access based on IP address
• » RE: Allowing access based on IP address
• » RE: Allowing access based on IP address
• » RE: Allowing access based on IP address
• » RE: Allowing access based on IP address
• » RE: Allowing access based on IP address
• » RE: Allowing access based on IP address
• » RE: Allowing access based on IP address
• » RE: Allowing access based on IP address

1. Home
2. isalist
3. Archive
4. 02-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---