• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 732
  • Last Modified:

ISA: Forbidden Access denied by access control list

Hi,

am using ISA 2000 with a dial up connection.

I can browse the internet from the srver terminal. however, the clients can't with msg in thier IE
Forbidden
You were denied access because:
Access denied by access control list

any help
0
turki_00
Asked:
turki_00
  • 5
  • 4
1 Solution
 
Keith AlabasterCommented:
Have you set the clients Proxy (in IE) to point to the ISA IP address on port 80/8080?
Have you created a rule allowing the internal network to go out to the internet for all users?
0
 
turki_00Author Commented:
yes i did,

just want to mention that am facing this problem only when i change to certian ISPs. but i have to !!
0
 
Keith AlabasterCommented:
OK....

Not quie sure where we go here then... Which ISP's are giving you issues?
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 
turki_00Author Commented:
keith,

on of the loca ISPs, am calling it "EasyNet"
there is another one called "ImpTeam", however this one is not causing me any problems. i.e both clients and the server can surf the net.

the problem is  the dial-up connection "EasyNet" is allowing the server to surf the net, and giving the clients the "Forbidden" page in the IE.
0
 
Keith AlabasterCommented:
Turki, can you confirm that you are using NAT on your ISA server rather then just routing? There are still ISP's that will only accept traffic from a single address specifically to stop you using multiple machines. If Easynet is one of these then either you will have to discuss this with them (they may have a different phone number/contract you could use).

If you are already NATting, then there is nothing in ISA that I can think of that can be changed. As you can appreciate, if we make changes to ISA other than the NATting, we will mess up the one that is already working.
0
 
turki_00Author Commented:
keith,

thank you your response,
now what is NAT, and how can i configure it.

I don't know if the EasyNet ISP is blocking multiple machines or not. but can we give it a try on the NAT issue, I would like to learn.

My network lay-out is simple, 1 server with dial-up connection and ISA installed. And then, around 20 clients all connected in 1 LAN network.

0
 
Keith AlabasterCommented:
OK, in brief then....
NAT = Network Address translation.

Imagine the following scenario.......


                                           Internet Cloud
                                                  |
                                                  |  All traffic enters the Internet from ISA as 5.5.5.5
                                                  |
                                           ISA external Int on 5.5.5.5
                                                  |
                                           ISA internal Int on 192.168.0.254
                                                  |
                          -----------------LAN ---------------------------------------------
                         |                                  |                      |                      |
              192.168.0.1                  192.168.0.2        192.168.0.3             192.168.0.4

All the PC's point to the ISA server
ISA 'translates' the incoming traffic from the work stations and gives it its own external address onto the internet
Traffic comes back in from the Internet to 5.5.5.5
ISA 'untranslates' it back to the correct local machine IP address

The other method is routing whereby each work station already has a valid registered internet IP and the traffic is 'parsed' through the ISA server onto the Internet.

The fact it works with some ISP's already makes it a bit of a moot point though. Still think this is something you will have to talk to the ISP about.
                                               
0
 
turki_00Author Commented:
I guess it is sort of ISP blocking thing,

anyway thank you for the information.
0
 
Keith AlabasterCommented:
Thanks :)
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now