How to bypass ISA Server
Posted on 2004-08-10
I have asked this question in a few other forums but no-one has been able to get it working for me. I am hoping someone from here will be able to help.
Here in our office, we have a SBS2003 server with ISA server on it. This has a 2nd NIC card connected to an ADSL modem out to the Internet.
What I want to be able to do is to be able to allow un-authenticated clients access to the Internet (Port 80/443 and a few others). I am not overly worried about internal security as it is only myself and one other person with access to here.
We are a computer reseller who constantly builds computers and adds them to the network to download updates/patches etc etc. I don't want to have to put in proxy settings AND a username and password each time these computers access the Internet, I want them to access it just as if the ISA server was performing NAT. Before SBS we used to run straight from a firewall with DHCP sending all these machines a default gateway and they could then access the Internet perfectly.
At the moment when I plug the machines in, DHCP provides them an IP address no problem, but when I try to access the Internet without putting in a proxy server, I get a:
"403 Forbidden - The ISA server denies the specified Uniform Resource Locator (URL). (12202)
Internet Security and Acceleration Server"
I have tried a few different things in the Protocol Rules but to no avail. I have been trying to get this going on and off for 3 months now and it is starting to really annoy me having to manually type in the proxy server and username and password each time I try to access the Internet.
This has compounded now due to the release of WinXP SP2 and Windows Update v5. Using the proxy server this way does not allow Windows Update to download any updates which is a down right pain in the ****.
I can clearly see why so many people never use ISA server with it's very obscure setup. A simple linux based firewall is sooo much easier to configure...