edd_t Posted March 15, 2007

Right, am hoping this makes sense. I currently have ISA 2004 as my network's proxy. All my IE clients point to the ISA's IP address as their proxy. But I would like some of my clients to now point straight at my ISP and use that as a proxy server. After adding my ISP's address into the proxy config of IE, though, I can no longer browse any websites. A guess at the moment is that the ISA isn't allowing traffic to go directly through it (if that's the correct term), so I probably need to open something up or create an access rule. Anyone got any ideas?

carl0s Posted March 15, 2007

Ugh. I dunno. You need to correctly set up your routing, so that the machines use the ISA box as their default gateway (in the TCP/IP properties of the interface). Then you'll need to make sure that ISA has the NAT rule enabled, and then also make sure that there is a rule allowing the workstations to get out on port 80 (or service = http, as I think they call it in ISA Server).

carl0s Posted March 15, 2007

And make sure the workstations can do DNS resolution too...

carl0s Posted March 15, 2007

Or, are you saying that the ISA box is *just* a proxy? Do you have a separate router on the same subnet through which they should be able to access the internet directly?

edd_t Posted March 15, 2007

The ISA is the default gateway, and port 80 and 8080 are set for HTTP, so that's all fine. Never thought of checking NAT. Might even be on the ASA! Damn these stupid firewalls, why did anyone ever invent them!

edd_t Posted March 15, 2007

> Or, are you saying that the ISA box is *just* a proxy? Do you have a separate router on the same subnet through which they should be able to access the internet directly?

The ISA is set as proxy and firewall. After the ISA is the DMZ, then the router/firewall, I believe. Confused cos I am! The router is on a different subnet. And yeh, I'm guessing what I was saying in the first post is that I want them to access the internet directly! But then, saying that, I still want the ISA access rules to work, cos that's what's stopping people doing naughty things at the moment. I think I have no chance of this working!

carl0s Posted March 15, 2007

I haven't played with ISA much at all, but on the last installation I did (SBS 2003 prem), I had to create a NAT rule for the ISA box to actually do the masquerading. To be honest I found the whole system quite irritating. There were some things that I was much happier configuring directly through RRAS (VPN and Dial-up Interfaces), but ISA Server took over all that.

carl0s Posted March 15, 2007

> The ISA is set as proxy and firewall. After the ISA is the DMZ, then the router/firewall, I believe. Confused cos I am! The router is on a different subnet. And yeh, I'm guessing what I was saying in the first post is that I want them to access the internet directly! But then, saying that, I still want the ISA access rules to work, cos that's what's stopping people doing naughty things at the moment. I think I have no chance of this working!

That's good, and how it should be. It'd be pretty daft to have a firewall in place which people didn't *have* to go through to get at the internet. They'd just update their routing table and bypass the firewall if that was the case. I think you're on the money with the NAT rule up to now.

edd_t Posted March 15, 2007

Haha, nice, will go have a play with NAT. (ooooh errr missus)

carl0s Posted March 15, 2007

It'd be worth checking whether DNS resolution is working though. Try nslookup www.google.co.uk from a cmd prompt. If not, check your Active Directory DNS server is set to use forwarders or the root servers, and whether there are rules in place to allow that to happen through the firewall.