Announcement

Collapse
No announcement yet.

ISA 2006 as webproxy only

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • ISA 2006 as webproxy only

    Hi all
    I have installed ISA server 2006 in windows server 2003 R2
    I have only one LanCard and ISA is configured for webproxy on port 8080.
    If i specify manually on browsers settings of clients, i can browse the sites without any problem. But doing manually on each and everyclient is cumbersome, so i redirected the traffic from my mikrotik router OS from all clients to ISA server 2006 and when i do this i got the following error..
    ===============================
    Technical Information (for support personnel)
    Error Code: 502 Proxy Error. The Uniform Resource Locator
    (URL) does not use a recognized protocol. Either the protocol
    is not supported or the request was not typed correctly.
    Confirm that a valid protocol is in use (for example, HTTP for
    a Web request). (12006)
    IP Address: xx.yy.zz.mm
    Date: 2/2/2009 12:48:35 AM [GMT]
    ================================

    before ISA i have the following scenario and it was working fine
    client:--http request---->mikrotik router--goto port 3128 on squid---->>squid(1NIC)

    Now after implenting ISA it's not working
    client---http request--->> mikrotik router---goto port 8080 on ISA--->> ISA(1NIC)
    I suppose i'm missing something...... or is it IMPOSSIBLE.?

    any help is greatly appreciated.
    Thankyou very much
    omiz

  • #2
    Re: ISA 2006 as webproxy only

    What do you mean with:
    redirected the traffic from my mikrotik router OS from all clients to ISA server 2006 and when i do this i got the following error..
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: ISA 2006 as webproxy only

      To expand on Dumber's question... have you setup a group policy to configure the proxy settings on each client? If so, the effect should be no different than if you manually configured those settings on the clients.
      Gareth Howells

      BSc (Hons), MBCS, MCP, MCDST, ICCE

      Any advice is given in good faith and without warranty.

      Please give reputation points if somebody has helped you.

      "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

      "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

      Comment


      • #4
        Re: ISA 2006 as webproxy only

        Hi,

        as suggested by gforceindustries, do you have a Domain Controller to set up a Group policy where you can set through GPO to set the Proxy Settings for your clients ??

        No need for the router anymore !

        and by the way, why a single network adapter ? you want to benefit from ISA with all its features, then at least set it as a Firewall and confgure it with 2 Network adapters.

        HTH,
        Tarek
        Tarek Majdalani
        MS Forefront Edge Security MVP

        Comment


        • #5
          Re: ISA 2006 as webproxy only

          Hi dumber..
          Yes I mean that..
          Hi gforceindustries and elmajdal No i don't have any domain controller and group policies. And i don't want to configure ISA as firewall because Mikrotik is acting as a firewall and router.
          So i just want ISA 2006 sever to act as Web Proxy for caching only.
          it's working fine if i mention the proxy's address in clients browsers manually.
          But if i redirect the traffic on port 80 to ISA 2006, using Mikrotik router then the above mentioned error appears.
          I have read somewhere that.. if ISA 2006 is configured with 1 NIC as webproxy then we cannot route the traffic.. is it true??
          Thankyou very much
          omiz

          Comment


          • #6
            Re: ISA 2006 as webproxy only

            You don't 'route' traffic to the proxy. You must configure client browsers to use that server as the proxy. Without Active Directory, you'll need to configure each system manually.
            Gareth Howells

            BSc (Hons), MBCS, MCP, MCDST, ICCE

            Any advice is given in good faith and without warranty.

            Please give reputation points if somebody has helped you.

            "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

            "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

            Comment


            • #7
              Re: ISA 2006 as webproxy only

              Originally posted by omiz View Post
              Hi dumber..
              And i don't want to configure ISA as firewall because Mikrotik is acting as a firewall and router.
              So i just want ISA 2006 sever to act as Web Proxy for caching only.
              I think you also need to adjust the structure. Proxy server comes behind a Firewal.

              so your diagram should be like :

              client---http request--->> ISA ( 1 NIC ) --->> mikrotik router--- Internet
              Tarek Majdalani
              MS Forefront Edge Security MVP

              Comment


              • #8
                Re: ISA 2006 as webproxy only

                Precise Tarek,
                That's indeed the reason why I asked if the traffic goes that way.
                I started to get the impression that he wanted to do something like this:

                client HTTP request --> Router --> ISA --> Back to Router --> Internet
                Marcel
                Technical Consultant
                Netherlands
                http://www.phetios.com
                http://blog.nessus.nl

                MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                "No matter how secure, there is always the human factor."

                "Enjoy life today, tomorrow may never come."
                "If you're going through hell, keep going. ~Winston Churchill"

                Comment


                • #9
                  Re: ISA 2006 as webproxy only

                  Hi Dumber hi elmajdal thankyou for the response
                  Dumber so it is not possible to do that way..
                  but believe me squid was doing fine. If it's possible with squid than why not with ISA?
                  i have attached a brief diagram of my network.
                  I hope some one will rectify my mistake and guide me the correct way.
                  and this is the Nat rule on mikrotik firewall i have which was working fine until i installed ISA ( i already changed the port and ip address to suit with ISA)
                  To be more precise. If i manually specify ip and gateway on clients settings it works.
                  The only problem is when i do it via mikrotik router i got the above mentioned error.
                  chain=dstnat action=dst-nat to-addresses=xx.yy.xx.zz to-ports=8080
                  protocol=tcp dst-port=80
                  Thankyou verymuch
                  Sanjeev
                  Attached Files

                  Comment


                  • #10
                    Re: ISA 2006 as webproxy only

                    SecureNAT and Firewall Clients are not supported with ISA when configured with a single NIC.
                    Only Web Proxy clients, so you'll need to configure the clients with a Proxy Server.
                    On the other hand, why not using ISA as a firewall? It can give you great benefits.
                    Marcel
                    Technical Consultant
                    Netherlands
                    http://www.phetios.com
                    http://blog.nessus.nl

                    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                    "No matter how secure, there is always the human factor."

                    "Enjoy life today, tomorrow may never come."
                    "If you're going through hell, keep going. ~Winston Churchill"

                    Comment


                    • #11
                      Re: ISA 2006 as webproxy only

                      Originally posted by Dumber View Post
                      SecureNAT and Firewall Clients are not supported with ISA when configured with a single NIC.
                      Only Web Proxy clients, so you'll need to configure the clients with a Proxy Server.
                      On the other hand, why not using ISA as a firewall? It can give you great benefits.
                      Hi Dumber So you mean.. I need to configure the clients manually to suit with proxy server.
                      p.s. manually assigning the proxy details on clients is doing fine..
                      Thankyou

                      Comment


                      • #12
                        Re: ISA 2006 as webproxy only

                        Yes that is what I'm saying or use it as a Firewall.
                        Marcel
                        Technical Consultant
                        Netherlands
                        http://www.phetios.com
                        http://blog.nessus.nl

                        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                        "No matter how secure, there is always the human factor."

                        "Enjoy life today, tomorrow may never come."
                        "If you're going through hell, keep going. ~Winston Churchill"

                        Comment


                        • #13
                          Re: ISA 2006 as webproxy only

                          Hi dumber thankyou for the information.
                          so i should understand this way or the final conclusion of this discussion ..... ISA 2006 with a single NIC can't be configured this way but using squid it is possible. please correct me if i'm wrong.
                          Thankyou
                          Attached Files

                          Comment

                          Working...
                          X