http://www.ISAserver.org ------------------------------------------------------- Of course is IE, we are not, but we look pretty much like a Microsoft subsidiary here. I'm wondering what will happen if one they Microsoft decided to start selling servers!!! Anyway, internet VPN connections, there is still dial up VPN connections? And the browser configuration is the firewall client job; it must configure the browser when it connected with the ISA server. Regards Diego R. Pietruszka MSC (USA) - Interlink Transport Technologies -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Friday, April 13, 2007 3:29 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Auto Discovery for firewall and webproxy clients http://www.ISAserver.org ------------------------------------------------------- I'm guessing that the browser is IE? Have you configured the browser to use a proxy for the VPN dial-up connection? -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR Sent: Friday, April 13, 2007 12:09 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Auto Discovery for firewall and webproxy clients Hmmmmmm!!!! Jim, I know is Friday, and to make it worse is Friday 13th but since I started with this I mentioned my VPN clients :-) What you are right is about the RSA, I never mentioned that part. But we can focus on the problem without RSA, since I discovered that the firewall client can not authenticate with the ISA server when you login on the VPN with RSA (it is pretty normal if you worked with RSA for some time). Anyway, probably I weren't clear, so this is my scenario. VPN user -----> VPN ISA with VPN access configure -----> Internal LAN -----> ISA server (proxy) -----> Internet What I want is that my user connected using the VPN can browse the internet using the same proxy my internal users are using. Actually the VPN users are doing that right now, but I want to traffic being send on port 8080 (my proxy port). When the internal users browse the web, I'm seeing the traffic sent to the proxy on port 8080. But when my VPN (without RSA) users browse the web, I'm seeing their traffic sent directly to the web page IP address on port 80. My problem is, why that is happening? I need it on port 8080. Sorry for changed of the topic, but one thing took me to the other one. Regards Diego R. Pietruszka MSC (USA) - Interlink Transport Technologies -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Friday, April 13, 2007 2:41 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Auto Discovery for firewall and webproxy clients http://www.ISAserver.org ------------------------------------------------------- Diego, This would be the first time you mentioned anything about VPN clients; much less RSA-based login. Also,l the issue that I answered was regarding FWC auto-configuration requests, not "general traffic authentication". ISA has no idea of RSA-authenticated VPN users; there is no "user" context as such. Also, the VPN-connected FWC *must* use the listener for a separate network, since neither the Quarantined nor "normal" VPN client networks have a FWC listener. -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR Sent: Friday, April 13, 2007 5:25 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Auto Discovery for firewall and webproxy clients Jim Well I discovered why the firewall client was not able to authenticate with the ISA server. It is because our users use RSA tokens to connect to the VPN, as soon as I created a VPN connection without RSA, the firewall client was able to do the authentication. Anyway I'm still having a little problem even without RSA in the middle, for some reason when from the VPN I browse internet I'm seeing all the traffic on the ISA log on port 80 instead of port 8080, which is what I need and how it works for my internal users. Do you have any idea why that can be happening? Regards Diego R. Pietruszka MSC (USA) - Interlink Transport Technologies -----Original Message----- From: D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR Sent: Thursday, April 12, 2007 7:51 PM To: 'isalist@xxxxxxxxxxxxx' Subject: Re: [isalist] Re: Auto Discovery for firewall and webproxy clients Yes -------------------------- Sent from my BlackBerry Wireless Device -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx <isalist-bounce@xxxxxxxxxxxxx> To: isalist@xxxxxxxxxxxxx <isalist@xxxxxxxxxxxxx> Sent: Thu Apr 12 18:55:18 2007 Subject: [isalist] Re: Auto Discovery for firewall and webproxy clients http://www.ISAserver.org ------------------------------------------------------- Did you also restart the firewall service as the KB instructed? -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR Sent: Thursday, April 12, 2007 3:14 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Auto Discovery for firewall and webproxy clients I'm using ISA2004 EE. And I request for authentication, that is why the I guess the document apply to my case. -------------------------- Sent from my BlackBerry Wireless Device -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx <isalist-bounce@xxxxxxxxxxxxx> To: isalist@xxxxxxxxxxxxx <isalist@xxxxxxxxxxxxx> Sent: Thu Apr 12 16:28:10 2007 Subject: [isalist] Re: Auto Discovery for firewall and webproxy clients http://www.ISAserver.org ------------------------------------------------------- Are you using ISA 2004 or 2006? Enterprise or Standard Edition? The FWC cannot authenticate for configuration requests - that's the whole point of this article and the changes to be made. -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR Sent: Thursday, April 12, 2007 1:00 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Auto Discovery for firewall and webproxy clients Well since my boss was having some rush on this issue, I crossed my fingers and executed the VB script mentioned in the article. Results: ...... well nothing change, but at least what was working is still working. Any idea on why the firewall client is not able to authenticate against the ISA server when the user I connected to the VPN, but work fine internally? Thanks Regards Diego R. Pietruszka MSC (USA) - Interlink Transport Technologies -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR Sent: Thursday, April 12, 2007 1:21 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Auto Discovery for firewall and webproxy clients http://www.ISAserver.org ------------------------------------------------------- I have all my internal user's firewall client detecting automatically the ISA server array. The same ISA server array detected for the firewall client is acting as my VPN server, and the clients connected to that VPN are receiving an IP on the internal subnet range. But they are having issues using the firewall client, actually the firewall client is detecting the right ISA server, but can not authenticate with it. Of course the rule between my VPN network and my internal network (where the ISA server reside) is ROUTE, I'm wondering if the solution on that article will fix my issue, without affecting my already working internal authentication with the server. What you think? Regards Diego R. Pietruszka MSC (USA) - Interlink Transport Technologies -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Wednesday, April 11, 2007 7:28 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Auto Discovery for firewall and webproxy clients http://www.ISAserver.org ------------------------------------------------------- http://support.microsoft.com/kb/885683 -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Stephen Herrera Sent: Wednesday, April 11, 2007 8:32 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Auto Discovery for firewall and webproxy clients http://www.ISAserver.org ------------------------------------------------------- I am using ISA2004 with Firewall and Web Proxy clients. I have setup the information manually in the past without any problems. I would like to implement auto discovery and have followed a couple of the articles on ISAserver.org. I have: Created the wpad entry via DNS. Set IE to auto detect Set the firewall client to auto detect Verified ISA is publishing the Auto Discover via the MMC and going to http://wpad/wpad.dat When I couldn't connect with the firewall client I used ISA monitoring to see what was going on. When the firewall client or web proxy client make the initial connection they are connecting anonymously. IE brings up an authentication window so that credentials can be entered but the firewall client doesn't so it fails to discover the server because the anonymous connection is denied. Did I miss a step somewhere? How can I get both IE and the firewall client to use the credentials of the user that is logged in? Any help is appreciated. Steve ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx