Re: Help!! Authentication Question??

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 10 Apr 2002 06:44:52 -0700

Hi Elvin,

    Here are some issues that pop immediately to mind:
1. your packet filter will not affect internal host traffic; you need
protocol rules for them
2. even then, the packet filter is defined incorrectly; it should be remote
port 80, not 25
3. you've applied an internal IP to a packet filter; it won't work as
described in #1

If you want this to work, you'll have to:
1. apply the client address set to an "Allow" HTTP protocol rule
2. make the IP-A client a secureNAT or Firewall client
3. set the HTTP redirector to forward web requests directly

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: "Elvin Chong" <elvin.chong@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, April 10, 2002 12:54 AM
Subject: [isalist] Help!! Authentication Question??


http://www.ISAserver.org


I'm fresh in ISA please help me solve the below problem.
Currently i set the Outgoing web request to Basic and Integrated mode and
checked Ask Anauthenticated user for identification. The LAT is set
properly for all the internal IP address range.

The Question is:
I create one client set for this particular IP Adress A and set the
protocol rules to allow All Protocol for this IP Addr A and create IP
packet filters for Allow outbound request to HTTP (setting: Filter type
tab->Custom->TCP->Direction=outbound->local port=Dynamic->remote
port=fixed->remote port number=25 and local computer addr=IP Addr A)for
this IP Addr A.

When this client does not set any proxy setting(include automatic proxy
setting is unchecked) for its IE5 and above version, thus it allow to
access the internet?? Any idea to avoid pass through the authentication
and allow access to the web site?

When i does not set the proxy setting, the IE5 will display err
407-forbidden.

Thanks!


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')




Other related posts: