?
Solved

PBR to ISA 2006 Not Proxying Client Web Traffic

Posted on 2012-03-23
1
Medium Priority
?
774 Views
Last Modified: 2012-08-17
I have a ISA 2006 server set up with McAfee's Smartfilter software running to filter our organization's internet traffic.

In the past, we've had to enter the proxy setting into client web browsers. We don't want to do that anymore.

I thought I could just Policy Base Route clients' 80 & 443 traffic to the ISA server, and it would receive the traffic, run it through the filter, allow/disallow the access, and return either a block page or the desired webpage back to the client.

It is not working.

The question is, is it suppose to work? If so, what configuration settings am I missing.

I know for sure the PBR is working, because running WireShark on the ISA box shows that client traffic is getting to the proxy server, but then packets are being reset. So, it's something on the ISA server.

Would appreciate any assistance.

Thank you.
0
Comment
Question by:suma33
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 1500 total points
ID: 37759347
Create a new protocol using TCP port 80 outbound (rather than the existing http protocol) - use it in an access rule and disable the web proxy filter. Bear in mind though that this will treat the traffic as layer 3 rather than layer 7.

The ISA MUST be either the default mgateway or on the default route path to the Internet.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses
Course of the Month11 days, 13 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question