[isalist] Re: VPN users and proxy
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Thu, 15 Nov 2007 08:18:10 -0600
:) OK, that's better.
Yes, you can configure the VPN clients to use both the Firewall client
and the Web Proxy client configuration and configure those clients to
use an ISA Firewall that's not the one that they're connected to. You
can even have the VPN clients take advantage of your internal WPAD
entries when they connect to the VPN server and contact the internal DNS
server.
However, its not quite that easy. The reason for that is that autoconfig
will configure the LAN connection's Web proxy config, and you need to
configure the VPN client connection to use the Web proxy configuration.
Like Jim mentioned, the easiest way to do this is using the CMAK, unless
you want your users to configure this manually. The CMAK won't configure
the Firewall client, but WPAD will do that when the VPN client connects
to the network.
HTH,
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- Microsoft Firewalls (ISA)
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of D PIETRUSZKA USWRN
INTERLINK INFRA ASST MGR
Sent: Thursday, November 15, 2007 4:58 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: VPN users and proxy
Did I say ISA client again?
I need to add some kind of rule on my outlook.
Of course I was talking about the firewall client, what else?
;-)
--------------------------
Sent from my BlackBerry Wireless Device
----- Original Message -----
From: isalist-bounce@xxxxxxxxxxxxx
<isalist-bounce@xxxxxxxxxxxxx>
To: isalist@xxxxxxxxxxxxx <isalist@xxxxxxxxxxxxx>
Sent: Wed Nov 14 20:14:13 2007
Subject: [isalist] Re: VPN users and proxy
I have an answer, but you have to call the FIREWALL client by
it's correct name ;)
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- Microsoft Firewalls (ISA)
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of D PIETRUSZKA USWRN
INTERLINK INFRA ASST MGR
Sent: Wednesday, November 14, 2007 2:59 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] VPN users and proxy
I have 1 ISA 2004 EE configured as a proxy/firewall for
internal users and is also acting as a VPN server (1 IP there is
configured to accept VPN connections).
Since for the VPN users the ISA itself is the gateway
(when they are connected), they are going to internet trough that same
ISA server.
There is any way to force those VPN clients to use
another internal ISA server (ISA 2006 EE) as a proxy? For sure doesn't
work simply specifying the name of that other ISA server on the IE or
proxy client, because I already tried.
Both ISA servers are on the same subnet (the VPN server
and the one I want them to use as proxy).
Thanks
Regards
Diego R. Pietruszka
MSC (USA) - Interlink Transport Technologies
Other related posts:
