General discussion

Locked

dialin users cant get to Web thru ISA

By LandoTek ·
After implementing authentication for outbound web requests in ISA, dialin users can no longer get out to the web, though they can get to local resources. It appears that authentication information is being stripped by dialin before getting to ISA, so they are not authenticated, and thus denied access. Clients and servers are W2K. How can I keep authentication on but allow dialin users to access the web?

This conversation is currently closed to new comments.

12 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

dialin users cant get to Web thru ISA

by Joseph Moore In reply to dialin users cant get to ...

I think this Technet article will help, article # Q297922:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q297922
(plese remove any spaces)

Collapse -

dialin users cant get to Web thru ISA

by LandoTek In reply to dialin users cant get to ...

My ISA server is already configured as specified in this article. Internal clients can access the web, but dialin users cannot.

Collapse -

dialin users cant get to Web thru ISA

by borco In reply to dialin users cant get to ...

Could you be more specific?
Dialin clients are connecting to the same machine with ISA installed or to other perhaps to other device?
Local resources mean on the local machine or the internal LAN?

Collapse -

dialin users cant get to Web thru ISA

by borco In reply to dialin users cant get to ...

OK, so the situation looks like this

+----+ +----+ /dialin
| | | | /
|ISA | |W2K |/
| | |RRAS|
+----+ +----+
out | | |
------+ +--------+--------- other LAN hosts

and dialin users can see devices on LAN. Right?
I hope so, check that dialin users? browsers are correctly set to use proxy.
I mean then proxy is set in IE dialup settings for RAS connection.
Next step will be examining RRAS settings ...

Collapse -

dialin users cant get to Web thru ISA

by LandoTek In reply to dialin users cant get to ...

Thanks for the hint on the IE dialup settings for RAS connections. This is a workaround- they are still not authenticated, but by setting IE's dialup settings to automatically detect the proxy, they find the gateway, which then asks them for credentials. Not perfect, but it works.

Collapse -

dialin users cant get to Web thru ISA

by LandoTek In reply to dialin users cant get to ...

Clients dialin to a Win2K server running Routing and Remote Access services. This is a separate server from the one running ISA. When dialed in, they can access shares on other servers in the domain (on the LAN). However, they cannot access the web,nor are they prompted for authentication, they way other machines on the LAN are which are not part of the domain.

Collapse -

dialin users cant get to Web thru ISA

by TechKid In reply to dialin users cant get to ...

If they're able to see other pc's on LAN but can't surf the web, sounds like they don't have the "use default gateway on remote network" option checked in their dial-up properties

Collapse -

dialin users cant get to Web thru ISA

by LandoTek In reply to dialin users cant get to ...

Poster rated this answer

Collapse -

dialin users cant get to Web thru ISA

by maxwell edison In reply to dialin users cant get to ...

HTTP redirector filter and Firewall client authentication:

When the HTTP redirector filter passes a request from a Firewall client to the Web Proxy service, the client's authentication information is lost. Therefore, when the HTTP redirector filter is enabled and configured to redirect to the Web Proxy service, requests from Firewall client is handled as unauthenticated. If unauthenticated access is not allowed, such requests will be denied. For more information on how clients are authenticated, see Rules and authentication.

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/isa/proddocs/isadocs/cmt_accessauthent.asp

Source:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/isa/proddocs/isadocs/cmt_httpfilter.asp

REMOVE SPACES from the pasted URLs.

Maxwell

Collapse -

dialin users cant get to Web thru ISA

by maxwell edison In reply to dialin users cant get to ...

Configuring the HTTP Redirector:

http://www.isaserver.org/pages/articles.asp?art=148


REMOVE SPACES from the pasted URL.

Maxwell

Back to Networks Forum
12 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums