Proxy Server

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi All,

I am currently trying to configure an Proxy server, Before I go any further I will tell you now that the setup is not a setup that I would normally use as it allows the users to bypass the proxy if they want, but no one in the house has that kind of knowledge so until they do, the current setup will have to do.

The machine that has the proxy software installed has got 2 NIC's each with static IP's. each of these cards is plugged into the switch (not ideal, but I did warn you), however I am having difficulty getting the clients to use the proxy, they just get a message similar to the Error 404 screen but this is issued from the proxy.

Also virtually all the free IP address's that i have in my DHCP scope have been taken by the proxy and inthe Unique ID column of the DHCP MMC it says RAS.

Any advice or ideas ?????? :?:

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Ok, people, dont all rush at once

I sorted it, just sat here for a few hours and used terminal services to change settings on ISA and then test it on the laptop. Still getting the following entry in event viewer on ISA Server though

Date: 09/02/2004
Time: 23:35
Type: Error
User: N/A
Computer: Homeproxy

Source: Microsoft Web Proxy
Category: None
Event ID: 14120

Description:
the ISA Server services cannot create a packet filter <IP Address>. This event occurs when there is a conflict between the Local Address Table (LAT) configuration and the windows 2000 routing table. Check the routing tale and the LAT to find the sourse of the conflict.


How do I check the above????????? :?:

 

Must admit, not really used ISA much.
To check Win2K rouitng table go to cmd prompt and type route print.
If you want the display saved in text file try

route print > c:\route.txt

this will then output the table to a text file on C drive called...... route.

If at latter date you wish to append data to text file type

route print >> c:\route.txt

This adds to end of previous file.

Hope this helps

 

Just a thought Derek, have you cofigured the LAT on the ISA Server correctly? You need to tell it what address ranges are on it's prviate network.

 

Never Even seen ISA until i installed it, as far as I am aware I have told ISA the IP range in use on the internal network in the

Network configuration > Local Address Table (LAT) Section.

 

Sounds like you configured it right, I did a search on the error you were getting and ms has this KB article

 

yeah, I found the same article when I did a search and although it says you can ignore the error I would rather resolve it but I dont fully understand the creation of the (A) file[/code]

 

I think what it is saying is that you have an internal web server which is being published by the ISA server and you have a client which is trying to access that web server and it can't cope with trying to loop the requests out then back in so you should create an entry on the internal DNS server to point the client to the internal IP address of the web server.

 

Well that just meant Blahhhhh la la la boo, to me at the moment

Will have a look tomorrow.

thanks Phil, will keep you informed.

 

Gotta say, thats about as much as I understood of it too, Phil

I'll stick to my own department, shall I ?

 

Just thought I would update you on this and say sorry to phil for disappearing the other night on MSN but as I have mentioned on another post, My server fell over. I have managed to salvage it, to an extent.

I have set all the IP configuration back to the way it was before I had the ISA online for the time being, however we all seem to be browsing very very slow now ??????????????

I will keep you updated

Thanks for all your help phil, will give you a shout when I approach this project again.

 

No probs Derek, good luck sorting out the speed problems.

 

OK, this was just getting on my nerves all day so I came home and have not moved from the computer until it was sorted.

Well it's sorted...........to a degree, the ISA server and the DC can conect to the internet through the proxy, when you click on internet explorer you blink and the homepage is there instantly, however when I try to connect to the internet from the main PC when I click on IE it takes approx 20 - 30 seconds to show the homepage, no matter what the homepage is (thats along time when your just staring at the screen waiting) in the bar at the bottom of the IE box it just says Connecting to site <IP address>, once connected I have NO speed problems at all, strange.

Just going to try the laptop and see what happens when I connect using that

BRB













The laptop wont connect (Using Wireless will try cable tomorrow), I have even tried putting the IP address in the proxy address instead of the FQDN still no joy.

Anyone got any ideas

 

I give up on this one, just seems to be too flakey.

The laptop connects....sometimes, usually for around 3 web pages then nothing, other times it does not work at all.

The main PC seems to work the best, however occasionally when you connect to certain sites, iy tou have to login, such as ebay, it just bombs you out with an error 400 page NOT even an error page from the ISA.

Leaving this for now and going to start the search (again) for a script to log users off at a certain time.

 

If ISA seems oddd then try running the 'Secure Server' wizard which can be found on the ISA console by clicking 'Computer', right clicking your ISA server and selecting Secure. You should only need to select the lowest level of lockdown (Secure) but I did notice strange behaviour with my own ISA before running the wizard.


On another note why not use ISA to limit when anyone can access the internet?
First configure a schedule for when access is allowed (Policy Elements>Schedules)
Then add a Protocol Rule to only allow access to the rest of the house within the schedule that you have created. You'll need to make sure that you don't have a second rule that allows internet access from anyone at anytime otherwise they will still be able to get internet access at other times of the day though.
If you want to be crafty you could also set up a bandwidth rule to give you preferential access to the internet compared to everyone else

As to the event log message you are getting I hope that your Internal & External NICs on your ISA server are on different subnets. You will have to configure your LAT to include all your internal subnets and not the external subnet. What type of modem/router are you using and can you give a little more info on how it is set up ? How is your ISA set up ie Integrated mode or only as a pure proxy server ?

 

I see your ISA studies are coming on nicely Taz!

I know this thread is old now and I am not sure if Nelix has sorted this problem out or not. Anyway, ISA is probably too complex and over the top for this situation, especially if you aren't too familiar with it. I still get frustrated with ISA and I have been studying/playing with it for months.

Questions not covered in this thread...

What type of clients are the computers running i.e. secure NAT/Firewall/Web Proxy?
Have you enabled routing and IP packet filtering?
Have you configured allow rules for common protocols?
Have you configured the LDT (local domain table)
Have you configured the browser/s proxy settings properly?
Have you configured the ISA servers cache properly

ISA is a brilliant product that is packed with features but you do need to know how to drive it.

Pete