RE: Mixed Authentication Environment

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 3 Nov 2005 11:00:46 -0600

Hi Bill,
 
Computer authentication is not supported.
 
You can use computer sets for IP address based access control.
 
General rule of thumb for ordering rules:
 
Deny anonymous
Deny authenticated
Allow anonymous
Allow authenticated
 
Like all bromides, this is a vast simplification. But it'll get you 90%
of where you want to go.
 
HTH,
Tom
 
Thomas W Shinder, M.D.
Site: http://www.isaserver.org/
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

 


________________________________

        From: William Holmes [mailto:wtholmes@xxxxxxxxxxxxxx] 
        Sent: Thursday, November 03, 2005 10:50 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] Mixed Authentication Environment
        
        

        Hello,

         

        I would like to set up a "mixed" environment of ISA firewall
        clients and SecureNAT clients. The goal is to control access based on
        which user has logged onto the firewall client machines without having
        the SecureNAT clients affected.

         

        After reading through
        http://www.isaserver.org/articles/ISA2004_AccessRules.html

        In the section on user authentication rules: The article
        describes the behavior of rules when the user cannot be authenticated,
        which is the case for SecureNAT clients. What I am having trouble with
        is that unless I force all users to authenticate, the rules that have
        restrictions placed on them don't work. In other words, it appears that
        the users must be validated in order for them to work. Forcing
        validation by setting all users must authenticate fixes the ISA Firewall
        Clients but breaks the SecureNAT clients.

         

        Is there a way to create an All unauthenticated users rule set
        and make it an exception to a rule in ISA2004?

        Is there some way to apply a rule to someone who has presented
        credentials but has not necessarily been validated? (Yes, I know this
        would be really weak security; it's just a question.)

        Is there a way to validate a computer account for SecureNAT
        clients? I guess if I fixed the IP address of all of these then I
        could make them exceptions to a rule, or could I? Client IP is
        evaluated before user, correct?

         

        Thanks

         

        Bill

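The rule-ordering rule of thumb in the reply, as an added example that is not part of the original thread: a simplified Python model of ordered, first-match rule evaluation with a SecureNAT client (no credentials) and Firewall clients (a user name). It assumes that a rule requiring authentication stops processing for a client that cannot present credentials, which is the SecureNAT breakage the question describes; the rule names, users, hosts and addresses are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    name: str
    action: str                            # "allow" or "deny"
    users: Optional[frozenset] = None      # None = All Users (anonymous rule)
    sources: Optional[frozenset] = None    # None = any source, else a computer set of IPs
    dest: Optional[str] = None             # None = any destination

def evaluate(rules, src_ip, dest, user=None):
    """Return (action, rule name). user=None models a SecureNAT client,
    which has no way to send credentials to the firewall (model assumption)."""
    for r in rules:
        if r.sources is not None and src_ip not in r.sources:
            continue                       # source element does not match
        if r.dest is not None and dest != r.dest:
            continue                       # destination element does not match
        if r.users is None:                # anonymous rule: first match wins
            return r.action, r.name
        if user is None:                   # rule wants credentials the client cannot give
            return "deny", r.name + " (authentication required)"
        if user in r.users:
            return r.action, r.name
        # authenticated but not in this rule's user set: keep evaluating
    return "deny", "Default rule"

SECURENAT_HOSTS = frozenset({"10.0.0.50", "10.0.0.51"})   # constructed computer set

def build(order):
    """Build the same four constructed rules in the requested order."""
    rules = {
        "deny_anon": Rule("Deny blocked site", "deny", dest="blocked.example"),
        "deny_auth": Rule("Deny contractors webmail", "deny",
                          users=frozenset({"contractor"}), dest="webmail.example"),
        "allow_anon": Rule("Allow SecureNAT hosts", "allow", sources=SECURENAT_HOSTS),
        "allow_auth": Rule("Allow staff", "allow", users=frozenset({"alice"})),
    }
    return [rules[k] for k in order]

RULE_OF_THUMB = build(["deny_anon", "deny_auth", "allow_anon", "allow_auth"])
AUTH_FIRST = build(["deny_anon", "deny_auth", "allow_auth", "allow_anon"])

if __name__ == "__main__":
    for label, rules in (("rule of thumb", RULE_OF_THUMB), ("auth first", AUTH_FIRST)):
        print(label, evaluate(rules, "10.0.0.50", "www.example"))
```

In this model a SecureNAT request to `webmail.example` is still denied under the rule-of-thumb order, because the "Deny authenticated" rule matches on destination first; that is one place where the simplification shows.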