Announcement

Collapse
No announcement yet.

Configuring RAS as proxy server

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Configuring RAS as proxy server

    In Windows Server 2008, is there a built in proxy server in which you can run RAS through? Or can RAS be configured to act as a type of proxy server that will log outbound connections?

    If so, HOW?

    Thanks!

  • #2
    Re: Configuring RAS as proxy server

    If you want to monitor people's web activity you're going to need something like ISA Server.
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

    Comment


    • #3
      Re: Configuring RAS as proxy server

      RRAS can do NAT but you are indeed way better of with Microsoft ISA Server.
      Marcel
      Technical Consultant
      Netherlands
      http://www.phetios.com
      http://blog.nessus.nl

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"

      Comment


      • #4
        Re: Configuring RAS as proxy server

        Great! Thank you.

        Do you have any idea how to capture outbound connections with the ISA server 06? Are there certain settings or configurations to change, or a specific location the logs would be?

        Thanks so much for any help.

        Comment


        • #5
          Re: Configuring RAS as proxy server

          Well Install ISA server and review the monitoring?
          You also can create reports with ISA server.

          What are you looking for?
          Marcel
          Technical Consultant
          Netherlands
          http://www.phetios.com
          http://blog.nessus.nl

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"

          Comment


          • #6
            Re: Configuring RAS as proxy server

            Ok - here is what I am specifically looking for with IAS server:

            -Ultimately, we would like to be able to log the websites that our client is connecting to once they connect through our remote access server (or VPN) out to the internet.


            -What would ISA log for these outbound connections? The URL and/or IP address of the site the client is connecting to? The date and time of the connection? Same for inbound connections, the IP of the client?

            -Do the logs make a link between the IP of the specific client making the connection to the specific address they're connecting to? In other words, is there a single log file that links inbound to outbound connections rather than displaying the logs separately?

            -Does ISA automatically log the information for these types of connections, (inbound and outbound) or does it need to be configured or set to log it?

            -We would like to be able to periodically review the logs - without having to monitor the connection in real-time.

            -Where are the logs stored?

            Sorry if my questions are confusing. I've tried doing a lot of research on this, but I'm having a hard time getting these specific questions answered. Any information would be greatly appreciated, thank you.

            Comment


            • #7
              Re: Configuring RAS as proxy server

              The logs are usually stored in a MSDE database.
              However, due to your specific requirements I would suggest to download the trial of ISA server and test it in your test environment.
              http://www.microsoft.com/downloads/d...displaylang=en
              Marcel
              Technical Consultant
              Netherlands
              http://www.phetios.com
              http://blog.nessus.nl

              MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
              "No matter how secure, there is always the human factor."

              "Enjoy life today, tomorrow may never come."
              "If you're going through hell, keep going. ~Winston Churchill"

              Comment


              • #8
                Re: Configuring RAS as proxy server

                Oh wait, I just noticed this is the Windows 2008 forum
                Errr ISA 2006 is NOT supported on Windows 2008. You have to wait for Forefront TMG or install ISA on server 2003.

                And as a side effect of Forefront TMG it only run on a 64 bit server, however I believe most current servers are 64 bit already.
                Last edited by Dumber; 22nd October 2008, 21:06.
                Marcel
                Technical Consultant
                Netherlands
                http://www.phetios.com
                http://blog.nessus.nl

                MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                "No matter how secure, there is always the human factor."

                "Enjoy life today, tomorrow may never come."
                "If you're going through hell, keep going. ~Winston Churchill"

                Comment


                • #9
                  Re: Configuring RAS as proxy server

                  Originally posted by Dumber View Post
                  Errr ISA 2006 is NOT supported on Windows 2008.
                  It's not? (I've not put in much research into 2008 yet, can't see management agreeing to an upgrade >.<). I guess that's why MS decided that "Small Business Server no longer supports being at the edge of the network"
                  Gareth Howells

                  BSc (Hons), MBCS, MCP, MCDST, ICCE

                  Any advice is given in good faith and without warranty.

                  Please give reputation points if somebody has helped you.

                  "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

                  "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

                  Comment


                  • #10
                    Re: Configuring RAS as proxy server

                    Don't know about SBS, but ISA 2006 is not supported on Windows 2008.
                    It can be installed on W2k3. If you want Windows 2008 as your edge firewall you have to wait to somewhere 2009 when Forefront TMG (thread management gateway) has been released (currently in Beta1) I'm not sure why, but like we all know Windows 2008 has a new architecture so it's possible that is the reason.

                    However virtual environments are now supported with ISA 2006 sp1 so Windows 2008 core with hyper-v should be possible.
                    And of course within Hyper-V you have to install Windows 2003
                    http://technet.microsoft.com/en-us/l.../cc891502.aspx

                    But I'm not sure what to think about this. I'm quite curious how ISA in involved at lower levels in the OSI-model. For example, How is the host machine protected in this?
                    I have to admit that I didn't read the article, I just found it on the mainsite from www.microsoft.com/ISAserver/

                    also you might view the video about this:
                    http://edge.technet.com/Media/Virtua...t-TMG-servers/

                    And if you really don't believe me (i had to search google for this one) then see:
                    http://www.microsoft.com/communities...r=US&sloc=&p=1
                    Jim Harrison also stated that you cannot install ISA 2006 on Windows 2008
                    Marcel
                    Technical Consultant
                    Netherlands
                    http://www.phetios.com
                    http://blog.nessus.nl

                    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                    "No matter how secure, there is always the human factor."

                    "Enjoy life today, tomorrow may never come."
                    "If you're going through hell, keep going. ~Winston Churchill"

                    Comment


                    • #11
                      Re: Configuring RAS as proxy server

                      If ISA isn't supported on Server 2008 then chances are it won't be supported on SBS 2008 either. I should point out that I have absolutely no problems with their decision to advise customers not to put their SBS (or indeed ANY DC) at the edge. And of course, this way they get to push the new product

                      Hyper-V etc is a possibility but I've never personally been comfortable running my firewall on a VM. I'd much rather have it on a physical box I can put between the internet and another machine running VMs.
                      Gareth Howells

                      BSc (Hons), MBCS, MCP, MCDST, ICCE

                      Any advice is given in good faith and without warranty.

                      Please give reputation points if somebody has helped you.

                      "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

                      "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

                      Comment


                      • #12
                        Re: Configuring RAS as proxy server

                        although this is going a bit it can be interesting.

                        I'm also not a fan of putting a DC against the Internet, but well Microsoft is supporting it within SBS. I assume they have carefully planned to do this.

                        Also with Hyper-V. Personally I also like of putting a physical box between Internet and the internal network but it is also supported. So I assume Microsoft has carefully thought about it. But I've to admit, a few years ago I didn't like VM's either for a production environment and right now it's becoming very common.
                        Anyhow, It's supported so it is one of the many possibilities.
                        Marcel
                        Technical Consultant
                        Netherlands
                        http://www.phetios.com
                        http://blog.nessus.nl

                        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                        "No matter how secure, there is always the human factor."

                        "Enjoy life today, tomorrow may never come."
                        "If you're going through hell, keep going. ~Winston Churchill"

                        Comment

                        Working...
                        X