ISA as Downstream Proxy

  • From: "Mark Zhang" <markxgzhang@xxxxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Sat, 20 Apr 2002 06:52:44 -0600

We recently upgrade our network to W2K, and there is a NT4.0 with Proxy 2
that is on the same TCP/IP network. The Proxy 2 has only one network
interface ? a NIC, and it is a downstream Proxy that is pointed to the
upstream Proxy through a router. This box has Domain Filters configured,
and it works fine on NT4.0 network.
After the upgrade to W2K, I installed Proxy 2 Client and Adminpak.msi onto
a W2K Pro box. I can access Internet, the Domain Filters are still
working, and I can use Outlook to access POP3-based e-mail system from
Internet, all the same as before (NT4.0 netowrk). But I have to spend
almost 5 minutes to see the ?Active Directory Users and Computers? snap-in
to pop up. If I uninstall the Proxy 2 Client, the snap-in can pop up in
seconds, but I cannot access POP3-based e-mail system from Internet
anymore.
So, I think ISA should be the answer to W2K network. I tried to install an
ISA on a W2K box with Integrated Mode (while keep the Proxy 2 box still up
and running), and there is only one network interface ? a NIC, on the ISA
box, the same as the Proxy 2 does, and configured it to route to the
Upstream Proxy, the same as the Proxy 2 does. I keep receiving error
message in Event Log on the ISA box, error code is 14120. According to
Microsoft, I have to either install ISA in Cache Only mode, or install
another NIC that directly connect to the Internet.
This network is a part of corporate network, and does not have direct
connection to the Internet, but through a router, and chained to Upstream
Proxy Server(s). So, it does not seem that the 2nd NIC could work. (the
2nd NIC will still be on the same IP network as the 1st one.)
I tried to reinstall the ISA in Cache Only mode, but Outlook cannot be
used to access POP3-based e-mail system from Internet, and ?site and
content rules? doesn?t work quite well either.
We have to chain the ISA box to the Upstream Proxy, we need firewall
stuff, and especially Site and Content rules to work; we also need access
to POP3-based e-mail system from Internet.  Basically, we currently just
need what the Proxy 2 did on the old NT4.0 network.

How can we achieve those? Please help.

Mark Zhang





Other related posts: