RE: users logged as anonymous in WWW logs???
- From: "Jason Ballard" <jasonb54@xxxxxxxxx>
- To: "'Hanson, Ben'" <Ben.Hanson@xxxxxxxxxxxxx>, "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 28 Jan 2003 16:30:15 -0500
Ben,
You are correct that you have Web Proxy clients in your environment.
Configuring SecureNAT clients on a simple network is very easy. On
complex networks with multiple routers, it is possible to still use
SecureNAT clients, but routes need to be setup to pass requests to the
internal NIC of the ISA Server. Jim Harrison has an article on the
configuration of SecureNAT clients in a complex network. Check out
http://www.isaserver.org/tutorials/Designing_An_ISA_Server_Solution_on_a
_Complex_Network.html (URL will wrap).
As for the authentication, the check box forcing authentication will
work, but how is your S&C rules setup? On the Applies To tab, do you
allow for any request. You may want to apply access to groups of users
in your domain.
I have several clients configured in this manner and all requests are
shown as the user and not anonymous.
I have put this back in the ISA list in case someone wants to add more
information.
HTH,
Jason
-----Original Message-----
From: Hanson, Ben [mailto:Ben.Hanson@xxxxxxxxxxxxx]
Sent: Tuesday, January 28, 2003 4:13 PM
To: jasonb54@xxxxxxxxx
Subject: Re: users logged as anonymous in WWW logs???
Thanks Jason. Sorry to respond to your email instead of the group by the
way but it looks like my ISP's news server is tanking.
The IP Gateway on the client is not the same as the internal
IP address of the ISA server, set as the Proxy server address in IE.
According to the guy that responded to me first, that makes them Web
Proxy clients, which always attempt to go anonymous. Is
there any way therefore to force authentication? I checked the box on
outgoing web requests to require authentication, but I don't know if
that
will fix it. Am I stuck logging "anonymous" users? I cannot see how MS
would
create ISA this way, especially in an Enterprise environment, where the
default gateway is rarely the same as the Proxy/ISA server for Internet
access. Hopefully there is a way around it...
-Ben
"Jason Ballard" <jasonb54@xxxxxxxxx> wrote in message
news:<eOUjrJwxCHA.2564@TK2MSFTNGP12>...
> If the clients are configured with their default gateway to the ISA
server
> internal NIC address, then those clients are considered SecureNAT
clients.
> If the clients have had their Internet Explorer settings modified to
point
> to the ISA server, those clients are considered Web proxy clients.
>
> HTH,
> --
> Jason Ballard
> Network Consultant / Trainer
> MCSE+I, MCT, MCSA, CCA, Network +
>
> 'By stretching yourself beyond your perceived level of confidence, you
> accelerate your development of competence.'
> "Ben Hanson" <transparency_76@xxxxxxxxxxx> wrote in message
> news:wjAZ9.7217$u12.1991953@xxxxxxxxxxxxxxxxxx
> > How do you know what kind of clients they are? None of them have the
> > firewall client installed but that is all I have done.
> >
> > -Ben
> >
> > "GQ" <mohamed.raslan@xxxxxxxxxxxxxx> wrote in message
> > news:002e01c2c6f1$495c9f20$d5f82ecf@xxxxxxxxxxxxxxxx
> > > first of all double check on this, in the server
> > > properties, in the out going web requests, place acheck
> > > mark on the "ask unauthenticated users for authentication".
> > >
> > > second, ensure that the clients are configured as web
> > > proxy client not as firewall or secure NAT clients, cause
> > > if they are, the HTTP redirector well forword these
> > > request to the web proxy service without the
> > > authentication enformation.
> >
> >
>
>
Other related posts:
- » RE: users logged as anonymous in WWW logs???
