http://www.ISAserver.org ------------------------------------------------------- To be fair to Diego, the buttheads at RSA never provided me with demo software so that we could work these details out, and the docs on RSA support are abysmal at best and sux the big whahooie at worst. So the fact that he wasn't able to read the minds of whoever knows how this works isn't his fault, he just didn't have the extrasensory perception the docs team thought he needed. GMT -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Friday, April 13, 2007 1:41 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Auto Discovery for firewall and webproxy clients http://www.ISAserver.org ------------------------------------------------------- Diego, This would be the first time you mentioned anything about VPN clients; much less RSA-based login. Also,l the issue that I answered was regarding FWC auto-configuration requests, not "general traffic authentication". ISA has no idea of RSA-authenticated VPN users; there is no "user" context as such. Also, the VPN-connected FWC *must* use the listener for a separate network, since neither the Quarantined nor "normal" VPN client networks have a FWC listener. -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR Sent: Friday, April 13, 2007 5:25 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Auto Discovery for firewall and webproxy clients Jim Well I discovered why the firewall client was not able to authenticate with the ISA server. It is because our users use RSA tokens to connect to the VPN, as soon as I created a VPN connection without RSA, the firewall client was able to do the authentication. Anyway I'm still having a little problem even without RSA in the middle, for some reason when from the VPN I browse internet I'm seeing all the traffic on the ISA log on port 80 instead of port 8080, which is what I need and how it works for my internal users. Do you have any idea why that can be happening? Regards Diego R. Pietruszka MSC (USA) - Interlink Transport Technologies -----Original Message----- From: D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR Sent: Thursday, April 12, 2007 7:51 PM To: 'isalist@xxxxxxxxxxxxx' Subject: Re: [isalist] Re: Auto Discovery for firewall and webproxy clients Yes -------------------------- Sent from my BlackBerry Wireless Device -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx <isalist-bounce@xxxxxxxxxxxxx> To: isalist@xxxxxxxxxxxxx <isalist@xxxxxxxxxxxxx> Sent: Thu Apr 12 18:55:18 2007 Subject: [isalist] Re: Auto Discovery for firewall and webproxy clients http://www.ISAserver.org ------------------------------------------------------- Did you also restart the firewall service as the KB instructed? -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR Sent: Thursday, April 12, 2007 3:14 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Auto Discovery for firewall and webproxy clients I'm using ISA2004 EE. And I request for authentication, that is why the I guess the document apply to my case. -------------------------- Sent from my BlackBerry Wireless Device -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx <isalist-bounce@xxxxxxxxxxxxx> To: isalist@xxxxxxxxxxxxx <isalist@xxxxxxxxxxxxx> Sent: Thu Apr 12 16:28:10 2007 Subject: [isalist] Re: Auto Discovery for firewall and webproxy clients http://www.ISAserver.org ------------------------------------------------------- Are you using ISA 2004 or 2006? Enterprise or Standard Edition? The FWC cannot authenticate for configuration requests - that's the whole point of this article and the changes to be made. -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR Sent: Thursday, April 12, 2007 1:00 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Auto Discovery for firewall and webproxy clients Well since my boss was having some rush on this issue, I crossed my fingers and executed the VB script mentioned in the article. Results: ...... well nothing change, but at least what was working is still working. Any idea on why the firewall client is not able to authenticate against the ISA server when the user I connected to the VPN, but work fine internally? Thanks Regards Diego R. Pietruszka MSC (USA) - Interlink Transport Technologies -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR Sent: Thursday, April 12, 2007 1:21 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Auto Discovery for firewall and webproxy clients http://www.ISAserver.org ------------------------------------------------------- I have all my internal user's firewall client detecting automatically the ISA server array. The same ISA server array detected for the firewall client is acting as my VPN server, and the clients connected to that VPN are receiving an IP on the internal subnet range. But they are having issues using the firewall client, actually the firewall client is detecting the right ISA server, but can not authenticate with it. Of course the rule between my VPN network and my internal network (where the ISA server reside) is ROUTE, I'm wondering if the solution on that article will fix my issue, without affecting my already working internal authentication with the server. What you think? Regards Diego R. Pietruszka MSC (USA) - Interlink Transport Technologies -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Wednesday, April 11, 2007 7:28 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Auto Discovery for firewall and webproxy clients http://www.ISAserver.org ------------------------------------------------------- http://support.microsoft.com/kb/885683 -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Stephen Herrera Sent: Wednesday, April 11, 2007 8:32 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Auto Discovery for firewall and webproxy clients http://www.ISAserver.org ------------------------------------------------------- I am using ISA2004 with Firewall and Web Proxy clients. I have setup the information manually in the past without any problems. I would like to implement auto discovery and have followed a couple of the articles on ISAserver.org. I have: Created the wpad entry via DNS. Set IE to auto detect Set the firewall client to auto detect Verified ISA is publishing the Auto Discover via the MMC and going to http://wpad/wpad.dat When I couldn't connect with the firewall client I used ISA monitoring to see what was going on. When the firewall client or web proxy client make the initial connection they are connecting anonymously. IE brings up an authentication window so that credentials can be entered but the firewall client doesn't so it fails to discover the server because the anonymous connection is denied. Did I miss a step somewhere? How can I get both IE and the firewall client to use the credentials of the user that is logged in? Any help is appreciated. Steve ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx