After Hours Information Technology - ahit.com.au
The small IT business for your small business.

Allowing Unix's through ISA
Frequently Asked Questions - Microsoft ISA Server
We're often asked how to get Unix, Red Hat, Linux, Macintosh or basically any "non-Microsoft" machines to work through ISA. The answer is actually pretty easy.

Whilst a good admin will generally ensure that only authenticated users can pass through ISA based upon their NT/AD credentials, it's still easy to allow other machines, such as Unix boxes, through.

More often than not these machines will use a static IP address on the internal network. For the rest of this "article" we'll assume a static address 'cause it just makes life so much easier.

1. Create a "Client Address Set" containing the IP address of the machine (or machines) you want to give access to. Call the address set something like "Unixbox", or whatever is relevant, so that it makes sense when you look at it!

2. Create an S&C (Site & Content) rule allowing access "all the time" to "all destinations" for the client address set we just created.

3. Finally, create a protocol rule allowing access to "all protocols" (or select just the protocols you want to allow), applying to the client address set created in step 1.

4. Ensure that the Unix box is a SecureNAT client. That is to say, set its default gateway to be the internal IP of your ISA machine...

Lastly, ensure that the client machine has some method of resolving names to IP addresses, either via an internal DNS server that can do it, or by pointing the box to an external DNS server.
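
To check step 4 and the DNS requirement from the Unix side, here is an added example (not part of the original FAQ). It assumes a Linux client whose routes are listed by `ip route show`; the address 192.168.0.1 for the ISA internal interface and the sample inputs are constructed placeholders.

```shell
#!/bin/sh
# Added example: verify a Unix host is configured as a SecureNAT client.
# ISA_INTERNAL_IP is an assumed placeholder; set it to your ISA server's internal address.
ISA_INTERNAL_IP="${ISA_INTERNAL_IP:-192.168.0.1}"

# Print the default gateway found in `ip route show` style text on stdin.
default_gateway() {
    awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# Print the nameserver addresses found in resolv.conf style text on stdin.
nameservers() {
    awk '$1 == "nameserver" { print $2 }'
}

# check_securenat ROUTES RESOLV ISA_IP
# Returns 0 if OK, 1 if the default gateway is not the ISA box, 2 if no DNS is set.
check_securenat() {
    gw=$(printf '%s\n' "$1" | default_gateway)
    if [ "$gw" != "$3" ]; then
        echo "FAIL: default gateway is '${gw:-none}', expected $3"
        return 1
    fi
    dns=$(printf '%s\n' "$2" | nameservers | tr '\n' ' ')
    if [ -z "$dns" ]; then
        echo "FAIL: no nameserver configured, names will not resolve"
        return 2
    fi
    echo "OK: gateway $gw, DNS $dns"
    return 0
}

# Constructed sample input (not captured from a real host).
SAMPLE_ROUTES='default via 192.168.0.1 dev eth0
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.50'
SAMPLE_RESOLV='# constructed sample
search example.local
nameserver 192.168.0.10'

# On a live host, use instead:
#   check_securenat "$(ip route show)" "$(cat /etc/resolv.conf)" "$ISA_INTERNAL_IP"
check_securenat "$SAMPLE_ROUTES" "$SAMPLE_RESOLV" "192.168.0.1"
```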

You're done!

Now, despite the fact that all your users must authenticate with ISA in order to get access, we've now created an exception that says "this particular IP address is allowed through all the time". How easy was that?

Things get significantly more difficult if your non-MS machines use DHCP for IP allocation, as it's pretty hard to write a rule for a machine when the address of that machine can change!

Realistically, on most networks, despite client machines using DHCP, their addresses rarely change unless your network has lots of "removable" machines like laptops and your provisioned IP range is less than the total number of clients you have.

 

Copyright 2004 2005 After Hours Information Technology http://www.ahit.com.au