No announcement yet.

ISA 2000 browse traffic routing question

  • Filter
  • Time
  • Show
Clear All
new posts

  • ISA 2000 browse traffic routing question

    Hello all,

    Here's what I need to get ISA2000 to do. I have 2 groups of people at a customer's site. Students and Teachers/admins. They will be using ISA2000 in cache/firewall mode. We have already set the protocol rules to allow the students (based on domain group membership) to be able to only use http, and the teachers/admins to use any protocol they want.

    My problem is this....we would like the students traffic (all of it) to be sent out to a 3rd party content server on the internet supplied by our isp. This keeps the students from going to inappropriate sites. We would also like the teachers and admins to be able to go anywhere they like.

    Here's the setup. The ISA server has 2 nics. One to the internal, secure network, and one that then connects to our pix firewall. (We're not putting the ISA right on a live internet connection.) The outside of the pix connects to the dsl connection provided by a local ISP. The content filtering server is based at the ISP.

    So I need to know how to send all the browse traffic for the student group to be sent to the content server and the teachers/admin group traffic to be sent out through the dsl and to the rest of the world like regular internet browsing.

    I was looking at the ISA routing rules under Network Settings, but that seems to be all or nothing, and I'm having trouble getting the traffic to split.



  • #2
    Admittedly we weren't using ISA at the time, but we solved our problem with a REG hack in the logon script. When students logged on they got the URL of the "restricted" filter and teachers got the "unrestricted" one. (Used the /s switch on regedit so it was transparent to the users.)
    1 1 was a racehorse.
    2 2 was 1 2.
    1 1 1 1 race 1 day,
    2 2 1 1 2