RE: Help with the web proxy setup in ISA 2004
- From: "Roy Tsao" <roy_tsao@xxxxxxxxxxxx>
- To: isalist@xxxxxxxxxxxxx
- Date: Tue, 24 May 2005 22:12:07 -0600
In case web proxy authentication is required, the auto-config web
proxy setting's address shall be changed at ISABox from URL with dot
into localhost name only i.e.: http://isalocal:8080...
Otherwise autoconfiguration does work. Authentication window pop-up
each time when open up new I/E session, and also local address will not
be by passed by ISA.
> This is a multi-part message in MIME format.
>
> ------_=_NextPart_001_01C55FFF.5CB82194
> Content-Type: text/plain;
> charset="us-ascii"
> Content-Transfer-Encoding: quoted-printable
>
> Hi Tim,
> =20
> In order to use the settings you configured for Web Proxy Direct Access
> in the ISA firewall console, you need to complete the process by
> configuring the Web proxy clients to use the autoconfiguration script.
> Autodiscovery will accomplish this just fine, or you can do it manually
> or through Group policy.
> =20
> HTH,
> Tom
> www.isaserver.org/shinder <http://www.isaserver.org/shinder>=20
> Tom and Deb Shinder's Configuring ISA Server 2004
> http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>=20
> MVP -- ISA Firewalls
>
> =20
>
> ________________________________
>
> From: tim S [mailto:tim724342@xxxxxxxxx]=20
> Sent: Monday, May 23, 2005 8:15 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Help with the web proxy setup in ISA 2004
>
>
> http://www.ISAserver.org=20
> I have ISA 2004 on w2k3 and it's an edge firewall. I allow all protocol
> from Internal to External (this will soon be changed). All three client
> types are configured in each workstation. My Internal machines have
> problem accessing internal websites (No looping through firewall). If I
> disable the proxy setting in the browser, workstations have no problem.
> I check marked 'By pass addresses found in the Domain Tab" and also
> entered my internal domain name in the Web browser tab of "Internal"
> network properties. I still can't get the web proxy clients not to
> contact ISA for internal websites. If I use the computer name instead
> of http://some.http.address.local, everything works fine too. I was
> able to solve the problem (for the time being) by modifying the "Allow
> all outbound traffic" rule with FROM: Internal and TO: Anywhere. I had
> it preveoulsy as FROM: Internal and TO: External. I think my solution is
> bit convulated. After reading Tom's book, I didn't want to install
> Ethereal on my firewall but Network monitor has a big learning curve.
> Your help is greatly appreciated.
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around=20
> http://mail.yahoo.com
> ------------------------------------------------------ List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=3Disalist ISA Server
> Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server
> FAQ: http://www.isaserver.org/pages/larticle.asp?type=3DFAQ
> ------------------------------------------------------ Other Internet
> Software Marketing Sites: World of Windows Networking:
> http://www.windowsnetworking.com Leading Network Software Directory:
> http://www.serverfiles.com No.1 Exchange Server Resource Site:
> http://www.msexchange.org Windows Security Resource Site:
> http://www.windowsecurity.com/ Network Security Library:
> http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------ You are currently
> subscribed to this ISAserver.org Discussion List as:
> tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=3Disalist Report abuse to
> listadmin@xxxxxxxxxxxxx
>
>
> ------_=_NextPart_001_01C55FFF.5CB82194
> Content-Type: text/html;
> charset="us-ascii"
> Content-Transfer-Encoding: quoted-printable
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <HTML><HEAD>
> <META http-equiv=3DContent-Type content=3D"text/html; =
> charset=3Dus-ascii">
> <META content=3D"MSHTML 6.00.2800.1498" name=3DGENERATOR></HEAD>
> <BODY>
> <DIV dir=3Dltr align=3Dleft><SPAN class=3D665252301-24052005><FONT =
> color=3D#0000ff=20
> size=3D2>Hi Tim,</FONT></SPAN></DIV>
> <DIV dir=3Dltr align=3Dleft><SPAN class=3D665252301-24052005><FONT =
> color=3D#0000ff=20
> size=3D2></FONT></SPAN> </DIV>
> <DIV dir=3Dltr align=3Dleft><SPAN class=3D665252301-24052005><FONT =
> color=3D#0000ff=20
> size=3D2>In order to use the settings you configured for Web Proxy =
> Direct Access=20
> in the ISA firewall console, you need to complete the process by =
> configuring the=20
> Web proxy clients to use the autoconfiguration script. Autodiscovery =
> will=20
> accomplish this just fine, or you can do it manually or through Group=20
> policy.</FONT></SPAN></DIV>
> <DIV><FONT color=3D#0000ff size=3D2></FONT> </DIV>
> <DIV><SPAN class=3D665252301-24052005><FONT color=3D#0000ff=20
> size=3D2>HTH,</FONT></SPAN></DIV><B>
> <P align=3Dleft><FONT face=3D"Trebuchet MS" =
> size=3D2>Tom<BR></FONT></B><A=20
> href=3D"http://www.isaserver.org/shinder";><B><U><FONT =
> color=3D#0000ff><FONT=20
> face=3D"Trebuchet MS"=20
> size=3D2>www.isaserver.org/shinder</FONT></B></U></FONT></A><BR><B><FONT =
>
> face=3D"Trebuchet MS" size=3D2><FONT color=3D#004000>Tom and Deb =
> Shinder's Configuring=20
> ISA Server 2004</FONT><BR></FONT></B><A=20
> href=3D"http://tinyurl.com/3xqb7";><B><U><FONT color=3D#0000ff><FONT=20
> face=3D"Trebuchet MS"=20
> size=3D2>http://tinyurl.com/3xqb7</FONT></B></U></FONT></A><BR><B><FONT=20
> face=3D"Trebuchet MS" size=3D2>MVP -- ISA =
> Firewalls</FONT></B><B></P></B>
> <DIV> </DIV><BR>
> <DIV class=3DOutlookMessageHeader lang=3Den-us dir=3Dltr align=3Dleft>
> <HR tabIndex=3D-1>
> <FONT face=3DTahoma size=3D2><B>From:</B> tim S =
> [mailto:tim724342@xxxxxxxxx]=20
> <BR><B>Sent:</B> Monday, May 23, 2005 8:15 PM<BR><B>To:</B> =
> [ISAserver.org=20
> Discussion List]<BR><B>Subject:</B> [isalist] Help with the web proxy =
> setup in=20
> ISA 2004<BR></FONT><BR></DIV>
> <DIV></DIV>http://www.ISAserver.org=20
> <DIV>I have ISA 2004 on w2k3 and it's an edge firewall. I allow =
> all=20
> protocol from Internal to External (this will soon be changed). All =
> three=20
> client types are configured in each workstation. My=20
> Internal machines have problem accessing internal websites (No =
> looping=20
> through firewall). If I disable the proxy setting in the =
>
> browser, workstations have no problem. I check marked=20
> 'By pass addresses found in the Domain Tab" and also entered =
> my=20
> internal domain name in the Web browser tab of "Internal" network=20
> properties. I still can't get the web proxy clients =
> not to=20
> contact ISA for internal websites. If I use the computer name =
> instead=20
> of <A =
> href=3D"http://some.http.address.local";>http://some.http.address.local</A=
> >,=20
> everything works fine too. I was able =
> to solve the=20
> problem (for the time being) by modifying the "Allow all outbound =
> traffic"=20
> rule with FROM: Internal and TO: Anywhere. I had it preveoulsy as =
> FROM:=20
> Internal and TO: External. I think my solution is bit =
> convulated. =20
> After reading Tom's book, I didn't want to install Ethereal on my =
> firewall but=20
> Network monitor has a big learning curve. Your help is greatly=20
> appreciated.</DIV>
> <P>__________________________________________________<BR>Do You =
> Yahoo!?<BR>Tired=20
> of spam? Yahoo! Mail has the best spam protection around=20
> <BR>http://mail.yahoo.com =
> ------------------------------------------------------=20
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist ISA =
> Server=20
> Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server =
> FAQ:=20
> http://www.isaserver.org/pages/larticle.asp?type=3DFAQ=20
> ------------------------------------------------------ Other Internet =
> Software=20
> Marketing Sites: World of Windows Networking: =
> http://www.windowsnetworking.com=20
> Leading Network Software Directory: http://www.serverfiles.com No.1 =
> Exchange=20
> Server Resource Site: http://www.msexchange.org Windows Security =
> Resource Site:=20
> http://www.windowsecurity.com/ Network Security Library: =
> http://www.secinf.net/=20
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com=20
> ------------------------------------------------------ You are currently =
>
> subscribed to this ISAserver.org Discussion List as: =
> tshinder@xxxxxxxxxxxxxxxxxx=20
> To unsubscribe visit =
> http://www.webelists.com/cgi/lyris.pl?enter=3Disalist Report=20
> abuse to listadmin@xxxxxxxxxxxxx</P></BODY></HTML>
>
> ------_=_NextPart_001_01C55FFF.5CB82194--
Other related posts:
