Another ISA 2006 proxy but with a twist. Allowing external clients to use the proxy?

  • Another ISA 2006 proxy but with a twist. Allowing external clients to use the proxy?

    Hi guys

    First post

    I need help with a bit of an ISA 2006 issue.
    I have set up a working ISA server with an authenticating web proxy on an Active Directory setup. That part is working 100%. All the client machines on the local LAN can use the proxy and authenticate.
    I need to monitor internet usage from a branch office as well. I'd like to set it up so that external clients can use the proxy and I can monitor their usage as well.

    My problem is "how do I set it up?" I'm learning a little more every day but right now I'm stuck.

    Any help would be much appreciated.

    Thanks in advance

    lemmingwinks

  • #2
    So you want to let the branch office and an external client use the proxy?
    How are the branch office and the external client connected to your network?
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    • #3
      Well, the branch office is not connected; it just has an internet connection. I just need some way to monitor their usage by bouncing them through a proxy.

      • #4
        It is possible to have a site to site VPN from the branch office to the ISA server and force all traffic through it. That way you can enforce the ISA server as the proxy server for the branch office.

        Bear in mind though that if head office goes down so does the branch office as they have no direct path to the internet, and depending on how many users you have at the branch office the connection is going to run like a dog.

        Once you get to > 10 users or so at the branch office then you start to have justification for another ISA server there and linking the sites with an ISA-ISA VPN.
        BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
        Cruachan's Blog

        • #5
          I have taken that into consideration, thanks, but at this time there is no possible way for another ISA server to be installed at that site. There are only 5 users there and I don't see any possible expansion.

          • #6
            Still though you can use a site-to-site (or lan-to-lan) vpn.
            Most routers support this by using IPSEC.
            Marcel

            • #7
              I'll look into that. Can ISA 2006 be set up as a SOCKS5 proxy?
              I can't find anywhere how to set it up.

              • #8
                Not natively.
                Natively it supports SOCKS4, well, at least if you have enabled the filter.

                But there is a third-party product for it, like:
                http://www.securesocks5.com/features.aspx
                Marcel

                • #9
                  Hi,

                  Check this article by Tom Shinder: Providing Branch Office Access to the ISA 2006 Firewall’s Web Proxy Listener

                  HTH,
                  Tarek
                  Tarek Majdalani
                  MS Forefront Edge Security MVP

                  • #10
                    elmajdal and Dumber, thank you both. I did come across those articles. I'm busy with it now. They're perfect.

                    Thanks for the help

                    • #11
                      You are most welcome.

                      Glad to help.

                      Thanks,
                      Tarek

                      • #12
                        Hey again, didn't want to open another thread so I'll just add it in here since it's kinda tied to the same problem.

                        Okay, so I have set up a VPN connection to our main branch. It's a remote VPN PPTP connection. It's working great and does what I need it to do.

                        One small problem:

                        It seems the bandwidth is limited somehow, as in I don't get full speeds on the line. I need it for downloading large company files after hours. It's like some type of QOS. Is there any way to manage the bandwidth in ISA 2006?

                        Hope you can see what I'm trying to do here...

                        Thanks

                        • #13
                          With ISA 2006 you don't have QOS natively.
                          Btw, you would be better off using L2TP (certificate based gives you higher security) or IPSEC with shared secret to set up the site-to-site VPN.
                          Marcel

                          • #14
                            Which one is better? IPSEC or L2TP?

                            So there is no way of giving priority over the VPN?

                            • #15
                              No, not natively, but there might be third-party products out there which Tarek probably knows about.
                              I only found www.bsplitter.com but as far as I can see it only sets quotas.
                              Certificate based gives you the highest level of security for any VPN connection.
                              However, you need to have a PKI in place.
                              Marcel