Solved

Client cant access internet via ISA 2000

Posted on 2006-11-01
5
262 Views
Last Modified: 2010-04-10
Hi,

We have an ISA 2000 array and one of the developers has a script that he is testing on his machine which basically connects to a website to down download some files. He has specified the IP/Port of the proxy in the script, but for some reason it wont go through.

If he takes the proxy ip/port out of the script, we can see the machine trying to access the internet as its hitting the corporate firewall, but the firewall is blocking it as it will only accept this type of traffic (https) via the proxy server.

So the proxy itself is stopping his machine connecting via the script. His normal internet access is fine and the proxy has the appropriate port opened up to handle port 443 traffic.

All i can think is that maybe the proxy is asking for authentication, however he doesnt know how to enter this into the script.

Is there a way on ISA we can monitor the connection coming in from the client machine or maybe shut off authentication from that specified machine so that it can go straight through? Im new to ISA by the way ;)

Cheers
0
Comment
Question by:he_who_dares
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 14

Expert Comment

by:Juan Ocasio
ID: 17853135
What does the log say?
0
 
LVL 6

Accepted Solution

by:
paulhekje earned 250 total points
ID: 17864675
=>Is there a way on ISA we can monitor the connection coming in from the client machine or maybe shut off authentication from that specified machine so that it can go straight through?

Yes you can. you can make rule that a client address can use a protocol to a destination.
- client: specify ip address
- protocol: select a protocol pa HTTPS or create a new definition

basic explanation: http://www.microsoft.com/technet/isa/2000/proddocs/isadocs/cmt_accessauthent.mspx?mfr=true

for advanced questions: www.isaserver.org

0
 

Author Comment

by:he_who_dares
ID: 17865602
Ok im seeing from the logs that ISA is picking it up as:

cs-username = anonymous
s-operator = CONNECT
cs-status = 407

Which tells me its being blocked because its not authenticating and we have set the general outgoing/incoming requests to block unauthenticated users.

Now as i say im new to ISA. I tried to create a new site & content rule with the destination of the of the site its connecting to and a client set pointing to my machine but this still doesnt work.

Is it possible to bypass authentication for a specific machine on ISA? Or could you advise another way of doing it at all?

cheers.
0
 
LVL 6

Expert Comment

by:paulhekje
ID: 17867911
did you restart isa services after creation of the rule?
ISA2000 needs restart of services when applying changes.
0
 

Author Comment

by:he_who_dares
ID: 17982030
Hi, yeah i did restart the services, but it made no difference, i think this must be a global option only on ISA 2000 :(
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question