Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: Why can't i get authenticated through ISA 2004

Why can't i get authenticated through ISA 2004 10 years 2 months ago #16252

Hi Guys,

I am not sure if i can make a theory out of what is happining with me. ISA 2004 is strange when it is a member of a domain. So what i did, i removed it from the domain and made it an independent server only proxy, firewall and cache server. and guys it is very nice now. but when it comes to authentication i a facing a problem. domain members are unable to browse as users are not created in the ISA server. Is there a way i can import the active directory users and groups data base into the ISA server. ?????


Please help (The YemenDomain)
B.Sc (Computer science),
Passed: 270-70 & 270-90
working on: 270-91 & CCNA

********Never hisitate asking. Not everyone knows. Seek Learning*********
The administrator has disabled public write access.

Re: Why can't i get authenticated through ISA 2004 10 years 2 months ago #16253

  • Smurf
  • Smurf's Avatar
  • Offline
  • Moderator
  • Posts: 1390
  • Karma: 1
Hi there,

Can you give more details of the issues you had when putting ISA Server into the domain. There has been a lot of topics regarding Standalone\Domain Membership and ISA Server. The older approach was that a Firewall should not be a member of a domain incase it is compromised. The newer way of thinking is that it should be a member of the domain in order to enhance the functionality of ISA 2004; see This Link for more on the subject.

Therefore, if you can give more details on the issues you have had with the domain membership it may be worth trying to get this working so you are not managing two seperate accounts (Domain Logon and Internet Access).

Another thing would be, do you use Internet Filtering ? Or are you thinking about it. I know the Websense product (which i must say is an excellent product for Internet Filtering) has an agent the will intercept the domain account information and then use its own service then to connect to a domain controller and enumerate groups, etc... for the authentication portion. This may be another way forward as you don't need to make the ISA Server part of the domain but you can still query your Active Directory (Read only) to enumerate account details.


Wayne Murphy Team Member

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit or PM me for details.
The administrator has disabled public write access.
Time to create page: 0.080 seconds


Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V


  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup