RE: Globally set proxy in IE and 2004 VPN question( s)

• From: "Greg Hess" <gmh@xxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 22 Jul 2004 09:40:44 -0400

Jim - This is a neat tool, but it doesn't set the automatic
configuration script, don't I need this?

Tx.
G.

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Wednesday, July 21, 2004 11:51 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Globally set proxy in IE and 2004 VPN question(
s)


http://www.ISAserver.org

If you want to define the  browser proxy settings and prevent the user
from having the ability to change it, then DON'T set it at 
the user level.
Instead, make your settings at the machine level and disable per-user
settings. http://isatools.org/ie_proxy.vbs is a hacky example of just
such a process.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG  http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message ----- 
From: "Troy Radtke" <TRadtke@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, July 21, 2004 08:46
Subject: [isalist] RE: Globally set proxy in IE and 2004 VPN question(
s)


http://www.ISAserver.org

I really don't have any plans, I have a bunch of servers at home that I
have set up, and I have some spare VIA C3 systems that I let my friends
use as web/ftp servers for whatever they want to do with the
understanding that I'm not responsible if I need more space on my system
and "borrow" the boot drive to store mpeg clips from my ReplayTV....
This sounds like an interesting way of letting them just VPN into their
server on their own network and keep them off my
research/practice/personal domain.....

I'm guessing that's chapter 5 in your new 2004 book, which now I'll be
forced to buy in addition to all the other ones..... Oh wait, I filled
up that book self, I'll have to build another one.... Oh, wait, I put
the fish tank there..... I'll have to move the tv then, but I don't have
anywhere else in the room with that many plug in's and cat5 drops....

Damn you and your books! I'll have to build a new room onto the house to
put them in.... =?)

Troy

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, July 21, 2004 10:29 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Globally set proxy in IE and 2004 VPN question(
s)


http://www.ISAserver.org

Hi Troy,

I've included some information in chapter 5 of the book and will include
even more in the VPN chapter (chapter 8), but I don't think there's
anything on the Microsoft site yet. There is also some info on RADIUS
configure for VPN clients in the ISA 2004 VPN kit
(www.msfirewall.org/isa2004kits.htm) but not specific for the tri-homed
setup.

What do you have in mind for your RADIUS plan?

Thanks!

Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 MVP -- ISA Firewalls



-----Original Message-----
From: Troy Radtke [mailto:TRadtke@xxxxxxxxxxxx]
Sent: Wednesday, July 21, 2004 8:44 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Globally set proxy in IE and 2004 VPN question(
s)


http://www.ISAserver.org

Is there a write up on this 3+ NIC config with RADIUS somewhere Tom?
I've used RADIUS with Cisco stuff before, but not Windows based
equipment.

TIA
Troy

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, July 21, 2004 8:40 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Globally set proxy in IE and 2004 VPN question(s)


http://www.ISAserver.org

Hi Greg,

Yes, the update button will refresh the Web Proxy config for the other
users.

You definitely can VPN to different segments -- just create the
appropriate access rules. Suppose you have 10 NICs install on the ISA
firewall. You want VPN users to access networks attached to the other 9
NICs based on their user account and group membership. No problem!
That's a no-brainer for the ISA firewall. Each NIC can host another
organization and you can configure access policy to allow users to
access the networks they need to without allowing them access to other
networks. What cool is you can use RADIUS and a list of RADIUS servers
to simplify this otherwise complex "federated" scenario.

HTH,

Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 MVP -- ISA Firewalls



-----Original Message-----
From: Greg Hess [mailto:gmh@xxxxxxxx]
Sent: Wednesday, July 21, 2004 8:34 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Globally set proxy in IE and 2004 VPN question(s)


http://www.ISAserver.org

Tom,

Thanks for the quick reply! Are you talking the 'update' button in the
firewall client? Also, can I VPN onto two different segments on the ISA
2004 box? I've never tried that but have a need.

Greg.

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, July 21, 2004 9:32 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Globally set proxy in IE and 2004 VPN question(s)


http://www.ISAserver.org

Hi Greg,

Subsequent users can use the Firewall client dialog box to set their
browsers too. Just doesn't happen automatically (sort of like my 1040s
don't get file automatically :-)

There are two very good contenders for ISA firewall appliances:
www.rimapp.com and www.networkengines.com  So far, the Rimapp is more
"appliancized" with a complete conversion to Web interface -- you never
have to touch the MMC and can use the Web interface for total firewall
management.

HTH,

Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 MVP -- ISA Firewalls



-----Original Message-----
From: Greg Hess [mailto:gmh@xxxxxxxx]
Sent: Wednesday, July 21, 2004 8:27 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Globally set proxy in IE and 2004 VPN question(s)


http://www.ISAserver.org

Hey everybody!

I noticed that installing the firewall client sets up the IE settings
for proxy etc. However, if there is more than one profile on the PC, it
does not set these IE settings for the other profiles. Is there any way
(non-GPO) to do this? It would help a lot. I've looked at the registry
settings, but have yet to find a way to set these settings globally.

 - Also -

I would like to set up an isa 2004 appliance (are those ready yet?)
between three networks such that one machine from one network can vpn in
and connect to the other two, is this possible, or am I good looking? (I
used to say crazy, but that was just asking for trouble)

Tx!

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, July 21, 2004 9:25 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: question


http://www.ISAserver.org

Hi Ricky,

http://www.amazon.com/exec/obidos/ASIN/1928994296/

;-)

HTH,

Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 MVP -- ISA Firewalls

Other related posts:

• » RE: Globally set proxy in IE and 2004 VPN question( s)
• » RE: Globally set proxy in IE and 2004 VPN question( s)
• » RE: Globally set proxy in IE and 2004 VPN question( s)
• » RE: Globally set proxy in IE and 2004 VPN question( s)
• » RE: Globally set proxy in IE and 2004 VPN question( s)
• » RE: Globally set proxy in IE and 2004 VPN question( s)
• » RE: Globally set proxy in IE and 2004 VPN question( s)
• » RE: Globally set proxy in IE and 2004 VPN question( s)
• » RE: Globally set proxy in IE and 2004 VPN question( s)
• » RE: Globally set proxy in IE and 2004 VPN question( s)
• » RE: Globally set proxy in IE and 2004 VPN question( s)

1. Home
2. isalist
3. Archive
4. 07-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---