We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now


ISA 2004

itguyrg asked
Medium Priority
Last Modified: 2013-11-16
Ive got all internal clients forwording to ISA 2004 then to the domains-web pages I want them to have access to
now I need to figure out how to connect my stores to this proxy
all store are external small networks with 4 or 5 machines
some have static ip and some don't
how can I get the proxy to allow external clients
I have my router already forwarded to the proxy and i can see the session in monitoring but it does not forword
to the domains I have set up!!
Watch Question

Not sure I am following your intent here.

Are you wanting to allow your External (Internet connected) Branch Locations access to your private network located behind your ISA 2004 server?

You will need to setup either client to ISA vpn connections or Site to Site VPN connections.

Please clarify your needs and myself, or someone else on here may be able to get you in the right direction.


Im dont want to give them access to internal resorces
Im looking to just manage there Site surfing in IE
with this proxy just like they are internal users
Keith AlabasterEnterprise Architect
Top Expert 2008

Some key points here.

1. ISA is not a router, regardless of what it says in the manual so this element needs to be dealt with by the routers themselves.
2. Are you running VPN's from your stores to your main office where the ISA is located? If so, what type of VPN are you using pptp or ipsec?
3. again, if yes, Have you created the VPN locations (in the VPN sections and enabled the client access list/rules?
4. What are you actually seeing in the monitoring - logging section?


I have one machine in each location that uses the windows VPN (pptp)
there are 3 or 4 machines that dont have vpn connections they just connect directly to the internet
the vpn connections are made with a cisco 3030 vpn concentrator

what I see in the monitoring session is a connection with external marked on it and a ip address of the client that is connecting and I have verified that it is my address

basically the idea here is it will be kind of a public proxy in a sense
not sure how safe it is or if it can even be done just testing everything at the moment

the only other option I have is to set up internet connection sharing with the VPN connection then I should be able to
route through the proxy

Enterprise Architect
Top Expert 2008
                                        external Router
                                           |       |
                         ---------------        ---------------
                        |                                            |
                    x.y.19.1                                   x.y.19.2
                   Cisco 3020                             ext firewall
                        |                                            |
 (dmz interface)  -------------  ISA server  --------  (external Interface)
                          --------------- LAN --------------------------

External users call in on the vpn concentrator. Put a rule on  ISA server that allows traffic from the DMZ (perimeter) to external and control as required.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.