Announcement

Collapse
No announcement yet.

ISA 2006; authenticate few clients

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • ISA 2006; authenticate few clients

    Hi All,

    ISA 2006 is installed on windows server 2003.

    Environment is not a domain environment.

    I dont want all users to access internet using ISA server as their proxy server. I want only few clients to access internet using ISA server as their proxy server.

    One possibility can be to make a user set in ISA based on IP addresses. but the problem is that IP`s are given by dhcp server, and dhcp lease expires once the client disconnects from LAN.


    What else authentication mechanism is possible to use ISA server as proxy server for few chosen clients only?

    Thanks & Regards

  • #2
    Re: ISA 2006; authenticate few clients

    Firewall client and web proxy client are the 2 user authentication mechanisms.
    If the ISA server is member of the domain you can authenticate using AD, else you could use LDAP (still AD only though)
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: ISA 2006; authenticate few clients

      Is it always the same client machines that you want to use ISA? If so one rather clunky way to do it would be to configure those machines as web proxy clients and the rest as Secure NAT clients. This would require the ISA Server to be set not to require authentication, and also leaves the possibility that users could manually change these settings. This way all traffic goes via ISA but only the Web Proxy clients are logged by ISA.

      I think the only other ways to do this in a non-domain environment would be to have 2 subnets, one for ISA clients and one for non-ISA clients or maybe it could be done with a RADIUS server.

      Come to think of it, you could assign reserved or static IPs to the clients you want to use ISA, but this of course assumes you are basing proxy settings on machine and not user. If you are basing this on user then I think RADIUS might be the only option, it's not clear from your post whether this is based on user or machine though.
      BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
      sigpic
      Cruachan's Blog

      Comment

      Working...
      X