http://www.ISAserver.org ------------------------------------------------------- To my knowledge, RSA in ISA only allows for RSA authentication separately and unrelated to any underlying AD authentication (no true two-factor authentication). Cordially yours, Jerry G. Young II Application Engineer, Platform Engineering and Architecture NTT America, an NTT Communications Company 22451 Shaw Rd. Sterling, VA 20166 Office: 571-434-1319 Fax: 703-333-6749 Email: g.young@xxxxxxxx > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > bounce@xxxxxxxxxxxxx] On Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA > ASST MGR > Sent: Friday, April 13, 2007 3:21 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Auto Discovery for firewall and webproxy clients > > http://www.ISAserver.org > ------------------------------------------------------- > > I would invite you to play with RSA here, but believe me you would quit > in less than a week. > > Regards > Diego R. Pietruszka > MSC (USA) - Interlink Transport Technologies > > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder > Sent: Friday, April 13, 2007 3:12 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Auto Discovery for firewall and webproxy clients > > http://www.ISAserver.org > ------------------------------------------------------- > > To be fair to Diego, the buttheads at RSA never provided me with demo > software so that we could work these details out, and the docs on RSA > support are abysmal at best and sux the big whahooie at worst. > > So the fact that he wasn't able to read the minds of whoever knows how > this works isn't his fault, he just didn't have the extrasensory > perception the docs team thought he needed. > > GMT > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > bounce@xxxxxxxxxxxxx] > On Behalf Of Jim Harrison > Sent: Friday, April 13, 2007 1:41 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Auto Discovery for firewall and webproxy clients > > http://www.ISAserver.org > ------------------------------------------------------- > > Diego, > > This would be the first time you mentioned anything about VPN clients; > much less RSA-based login. > Also,l the issue that I answered was regarding FWC auto-configuration > requests, not "general traffic authentication". > ISA has no idea of RSA-authenticated VPN users; there is no "user" > context as such. > Also, the VPN-connected FWC *must* use the listener for a separate > network, since neither the Quarantined nor "normal" VPN client networks > have a FWC listener. > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > bounce@xxxxxxxxxxxxx] > On Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR > Sent: Friday, April 13, 2007 5:25 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Auto Discovery for firewall and webproxy clients > > Jim > > > > Well I discovered why the firewall client was not able to authenticate > with the ISA server. > > It is because our users use RSA tokens to connect to the VPN, as soon > as > I created a VPN connection without RSA, the firewall client was able to > do the authentication. > > > > Anyway I'm still having a little problem even without RSA in the middle, > for some reason when from the VPN I browse internet I'm seeing all the > traffic on the ISA log on port 80 instead of port 8080, which is what I > need and how it works for my internal users. > > Do you have any idea why that can be happening? > > > > Regards > > Diego R. Pietruszka > > MSC (USA) - Interlink Transport Technologies > > > > > > -----Original Message----- > From: D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR > Sent: Thursday, April 12, 2007 7:51 PM > To: 'isalist@xxxxxxxxxxxxx' > Subject: Re: [isalist] Re: Auto Discovery for firewall and webproxy > clients > > > > Yes > > > > -------------------------- > > Sent from my BlackBerry Wireless Device > > > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx <isalist-bounce@xxxxxxxxxxxxx> > > To: isalist@xxxxxxxxxxxxx <isalist@xxxxxxxxxxxxx> > > Sent: Thu Apr 12 18:55:18 2007 > > Subject: [isalist] Re: Auto Discovery for firewall and webproxy clients > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > Did you also restart the firewall service as the KB instructed? > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > bounce@xxxxxxxxxxxxx] > On Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR > > Sent: Thursday, April 12, 2007 3:14 PM > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] Re: Auto Discovery for firewall and webproxy clients > > > > I'm using ISA2004 EE. > > And I request for authentication, that is why the I guess the document > apply to my case. > > > > > > -------------------------- > > Sent from my BlackBerry Wireless Device > > > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx <isalist-bounce@xxxxxxxxxxxxx> > > To: isalist@xxxxxxxxxxxxx <isalist@xxxxxxxxxxxxx> > > Sent: Thu Apr 12 16:28:10 2007 > > Subject: [isalist] Re: Auto Discovery for firewall and webproxy clients > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > Are you using ISA 2004 or 2006? > > Enterprise or Standard Edition? > > > > The FWC cannot authenticate for configuration requests - that's the > > whole point of this article and the changes to be made. > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > bounce@xxxxxxxxxxxxx] > > On Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR > > Sent: Thursday, April 12, 2007 1:00 PM > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] Re: Auto Discovery for firewall and webproxy clients > > > > Well since my boss was having some rush on this issue, I crossed my > > fingers and executed the VB script mentioned in the article. > > > > > > > > Results: ...... well nothing change, but at least what was working is > > still working. > > > > > > > > Any idea on why the firewall client is not able to authenticate against > > the ISA server when the user I connected to the VPN, but work fine > > internally? > > > > > > > > Thanks > > > > > > > > Regards > > > > Diego R. Pietruszka > > > > MSC (USA) - Interlink Transport Technologies > > > > > > > > > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > bounce@xxxxxxxxxxxxx] > > On Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR > > Sent: Thursday, April 12, 2007 1:21 PM > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] Re: Auto Discovery for firewall and webproxy clients > > > > > > > > http://www.ISAserver.org > > > > ------------------------------------------------------- > > > > > > > > I have all my internal user's firewall client detecting automatically > > the ISA server array. > > > > The same ISA server array detected for the firewall client is acting as > > my VPN server, and the clients connected to that VPN are receiving an > IP > > on the internal subnet range. > > > > > > > > But they are having issues using the firewall client, actually the > > firewall client is detecting the right ISA server, but can not > > authenticate with it. > > > > > > > > Of course the rule between my VPN network and my internal network > (where > > the ISA server reside) is ROUTE, I'm wondering if the solution on that > > article will fix my issue, without affecting my already working > internal > > authentication with the server. > > > > > > > > What you think? > > > > > > > > Regards > > > > Diego R. Pietruszka > > > > MSC (USA) - Interlink Transport Technologies > > > > > > > > > > > > -----Original Message----- > > > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > bounce@xxxxxxxxxxxxx] > > On Behalf Of Jim Harrison > > > > Sent: Wednesday, April 11, 2007 7:28 PM > > > > To: isalist@xxxxxxxxxxxxx > > > > Subject: [isalist] Re: Auto Discovery for firewall and webproxy clients > > > > > > > > http://www.ISAserver.org > > > > ------------------------------------------------------- > > > > > > > > http://support.microsoft.com/kb/885683 > > > > > > > > > > > > -----Original Message----- > > > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > bounce@xxxxxxxxxxxxx] > > > > On Behalf Of Stephen Herrera > > > > Sent: Wednesday, April 11, 2007 8:32 AM > > > > To: isalist@xxxxxxxxxxxxx > > > > Subject: [isalist] Auto Discovery for firewall and webproxy clients > > > > > > > > http://www.ISAserver.org > > > > ------------------------------------------------------- > > > > > > > > I am using ISA2004 with Firewall and Web Proxy clients. I have setup > the > > > > information manually in the past without any problems. I would like to > > > > implement auto discovery and have followed a couple of the articles on > > > > ISAserver.org. I have: > > > > > > > > Created the wpad entry via DNS. > > > > Set IE to auto detect > > > > Set the firewall client to auto detect > > > > Verified ISA is publishing the Auto Discover via the MMC and going to > > > > http://wpad/wpad.dat > > > > > > > > When I couldn't connect with the firewall client I used ISA monitoring > > > > to see what was going on. When the firewall client or web proxy client > > > > make the initial connection they are connecting anonymously. IE brings > > > > up an authentication window so that credentials can be entered but the > > > > firewall client doesn't so it fails to discover the server because the > > > > anonymous connection is denied. Did I miss a step somewhere? How can I > > > > get both IE and the firewall client to use the credentials of the user > > > > that is logged in? Any help is appreciated. > > > > > > > > Steve > > > > > > > > > > > > > > > > ------------------------------------------------------ > > > > List Archives: //www.freelists.org/archives/isalist/ > > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server Articles and Tutorials: > > > > http://www.isaserver.org/articles_tutorials/ > > > > ISA Server Blogs: http://blogs.isaserver.org/ > > > > ------------------------------------------------------ > > > > Visit TechGenix.com for more information about our other sites: > > > > http://www.techgenix.com > > > > ------------------------------------------------------ > > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > > > All mail to and from this domain is GFI-scanned. > > > > > > > > ------------------------------------------------------ > > > > List Archives: //www.freelists.org/archives/isalist/ > > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > > > ISA Server Blogs: http://blogs.isaserver.org/ > > > > ------------------------------------------------------ > > > > Visit TechGenix.com for more information about our other sites: > > > > http://www.techgenix.com > > > > ------------------------------------------------------ > > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > > > ------------------------------------------------------ > > > > List Archives: //www.freelists.org/archives/isalist/ > > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > > > ISA Server Blogs: http://blogs.isaserver.org/ > > > > ------------------------------------------------------ > > > > Visit TechGenix.com for more information about our other sites: > > > > http://www.techgenix.com > > > > ------------------------------------------------------ > > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > > > > > All mail to and from this domain is GFI-scanned. > > > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > > > All mail to and from this domain is GFI-scanned. > > > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > All mail to and from this domain is GFI-scanned. > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx