In case web proxy authentication is required, the auto-config web proxy setting's address shall be changed at ISABox from URL with dot into localhost name only i.e.: http://isalocal:8080... Otherwise autoconfiguration does work. Authentication window pop-up each time when open up new I/E session, and also local address will not be by passed by ISA. > This is a multi-part message in MIME format. > > ------_=_NextPart_001_01C55FFF.5CB82194 > Content-Type: text/plain; > charset="us-ascii" > Content-Transfer-Encoding: quoted-printable > > Hi Tim, > =20 > In order to use the settings you configured for Web Proxy Direct Access > in the ISA firewall console, you need to complete the process by > configuring the Web proxy clients to use the autoconfiguration script. > Autodiscovery will accomplish this just fine, or you can do it manually > or through Group policy. > =20 > HTH, > Tom > www.isaserver.org/shinder <http://www.isaserver.org/shinder>=20 > Tom and Deb Shinder's Configuring ISA Server 2004 > http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>=20 > MVP -- ISA Firewalls > > =20 > > ________________________________ > > From: tim S [mailto:tim724342@xxxxxxxxx]=20 > Sent: Monday, May 23, 2005 8:15 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] Help with the web proxy setup in ISA 2004 > > > http://www.ISAserver.org=20 > I have ISA 2004 on w2k3 and it's an edge firewall. I allow all protocol > from Internal to External (this will soon be changed). All three client > types are configured in each workstation. My Internal machines have > problem accessing internal websites (No looping through firewall). If I > disable the proxy setting in the browser, workstations have no problem. > I check marked 'By pass addresses found in the Domain Tab" and also > entered my internal domain name in the Web browser tab of "Internal" > network properties. I still can't get the web proxy clients not to > contact ISA for internal websites. If I use the computer name instead > of http://some.http.address.local, everything works fine too. I was > able to solve the problem (for the time being) by modifying the "Allow > all outbound traffic" rule with FROM: Internal and TO: Anywhere. I had > it preveoulsy as FROM: Internal and TO: External. I think my solution is > bit convulated. After reading Tom's book, I didn't want to install > Ethereal on my firewall but Network monitor has a big learning curve. > Your help is greatly appreciated. > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around=20 > http://mail.yahoo.com > ------------------------------------------------------ List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=3Disalist ISA Server > Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server > FAQ: http://www.isaserver.org/pages/larticle.asp?type=3DFAQ > ------------------------------------------------------ Other Internet > Software Marketing Sites: World of Windows Networking: > http://www.windowsnetworking.com Leading Network Software Directory: > http://www.serverfiles.com No.1 Exchange Server Resource Site: > http://www.msexchange.org Windows Security Resource Site: > http://www.windowsecurity.com/ Network Security Library: > http://www.secinf.net/ Windows 2000/NT Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ You are currently > subscribed to this ISAserver.org Discussion List as: > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=3Disalist Report abuse to > listadmin@xxxxxxxxxxxxx > > > ------_=_NextPart_001_01C55FFF.5CB82194 > Content-Type: text/html; > charset="us-ascii" > Content-Transfer-Encoding: quoted-printable > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > <HTML><HEAD> > <META http-equiv=3DContent-Type content=3D"text/html; = > charset=3Dus-ascii"> > <META content=3D"MSHTML 6.00.2800.1498" name=3DGENERATOR></HEAD> > <BODY> > <DIV dir=3Dltr align=3Dleft><SPAN class=3D665252301-24052005><FONT = > color=3D#0000ff=20 > size=3D2>Hi Tim,</FONT></SPAN></DIV> > <DIV dir=3Dltr align=3Dleft><SPAN class=3D665252301-24052005><FONT = > color=3D#0000ff=20 > size=3D2></FONT></SPAN> </DIV> > <DIV dir=3Dltr align=3Dleft><SPAN class=3D665252301-24052005><FONT = > color=3D#0000ff=20 > size=3D2>In order to use the settings you configured for Web Proxy = > Direct Access=20 > in the ISA firewall console, you need to complete the process by = > configuring the=20 > Web proxy clients to use the autoconfiguration script. Autodiscovery = > will=20 > accomplish this just fine, or you can do it manually or through Group=20 > policy.</FONT></SPAN></DIV> > <DIV><FONT color=3D#0000ff size=3D2></FONT> </DIV> > <DIV><SPAN class=3D665252301-24052005><FONT color=3D#0000ff=20 > size=3D2>HTH,</FONT></SPAN></DIV><B> > <P align=3Dleft><FONT face=3D"Trebuchet MS" = > size=3D2>Tom<BR></FONT></B><A=20 > href=3D"http://www.isaserver.org/shinder";><B><U><FONT = > color=3D#0000ff><FONT=20 > face=3D"Trebuchet MS"=20 > size=3D2>www.isaserver.org/shinder</FONT></B></U></FONT></A><BR><B><FONT = > > face=3D"Trebuchet MS" size=3D2><FONT color=3D#004000>Tom and Deb = > Shinder's Configuring=20 > ISA Server 2004</FONT><BR></FONT></B><A=20 > href=3D"http://tinyurl.com/3xqb7";><B><U><FONT color=3D#0000ff><FONT=20 > face=3D"Trebuchet MS"=20 > size=3D2>http://tinyurl.com/3xqb7</FONT></B></U></FONT></A><BR><B><FONT=20 > face=3D"Trebuchet MS" size=3D2>MVP -- ISA = > Firewalls</FONT></B><B></P></B> > <DIV> </DIV><BR> > <DIV class=3DOutlookMessageHeader lang=3Den-us dir=3Dltr align=3Dleft> > <HR tabIndex=3D-1> > <FONT face=3DTahoma size=3D2><B>From:</B> tim S = > [mailto:tim724342@xxxxxxxxx]=20 > <BR><B>Sent:</B> Monday, May 23, 2005 8:15 PM<BR><B>To:</B> = > [ISAserver.org=20 > Discussion List]<BR><B>Subject:</B> [isalist] Help with the web proxy = > setup in=20 > ISA 2004<BR></FONT><BR></DIV> > <DIV></DIV>http://www.ISAserver.org=20 > <DIV>I have ISA 2004 on w2k3 and it's an edge firewall. I allow = > all=20 > protocol from Internal to External (this will soon be changed). All = > three=20 > client types are configured in each workstation. My=20 > Internal machines have problem accessing internal websites (No = > looping=20 > through firewall). If I disable the proxy setting in the = > > browser, workstations have no problem. I check marked=20 > 'By pass addresses found in the Domain Tab" and also entered = > my=20 > internal domain name in the Web browser tab of "Internal" network=20 > properties. I still can't get the web proxy clients = > not to=20 > contact ISA for internal websites. If I use the computer name = > instead=20 > of <A = > href=3D"http://some.http.address.local";>http://some.http.address.local</A= > >,=20 > everything works fine too. I was able = > to solve the=20 > problem (for the time being) by modifying the "Allow all outbound = > traffic"=20 > rule with FROM: Internal and TO: Anywhere. I had it preveoulsy as = > FROM:=20 > Internal and TO: External. I think my solution is bit = > convulated. =20 > After reading Tom's book, I didn't want to install Ethereal on my = > firewall but=20 > Network monitor has a big learning curve. Your help is greatly=20 > appreciated.</DIV> > <P>__________________________________________________<BR>Do You = > Yahoo!?<BR>Tired=20 > of spam? Yahoo! Mail has the best spam protection around=20 > <BR>http://mail.yahoo.com = > ------------------------------------------------------=20 > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist ISA = > Server=20 > Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server = > FAQ:=20 > http://www.isaserver.org/pages/larticle.asp?type=3DFAQ=20 > ------------------------------------------------------ Other Internet = > Software=20 > Marketing Sites: World of Windows Networking: = > http://www.windowsnetworking.com=20 > Leading Network Software Directory: http://www.serverfiles.com No.1 = > Exchange=20 > Server Resource Site: http://www.msexchange.org Windows Security = > Resource Site:=20 > http://www.windowsecurity.com/ Network Security Library: = > http://www.secinf.net/=20 > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com=20 > ------------------------------------------------------ You are currently = > > subscribed to this ISAserver.org Discussion List as: = > tshinder@xxxxxxxxxxxxxxxxxx=20 > To unsubscribe visit = > http://www.webelists.com/cgi/lyris.pl?enter=3Disalist Report=20 > abuse to listadmin@xxxxxxxxxxxxx</P></BODY></HTML> > > ------_=_NextPart_001_01C55FFF.5CB82194--