ISA Server 2000 & Linux based clients

[Rajesh]

We have windows Small business server 2003 installed with ISA server 2000. All the windows based clients work fine with no problem in accessing internet or using email clients. The problem is with Linux based clients (Fedora core -6). The problems are following -
1. If the browser is configured to use the proxy, internet can be used without any problem however the users fail to browse the internal websites (e.g. EduGeek.net, etc) (created by adding cnames). IF the proxy settings are removed, the internet cannot be accessed but all the internal websites works fine
2. Evolution email client does not work at all (the connections time out)
I am new to Linux and therefore have failed to resolve the problem till date. Any help in this regard would be highly appreciated.

[mcloum]

Im not a linux guru but i assume its the same as windows settings, if your websites are referenced internal (why you'd do this for external sites i dont know?) you will have to put an exception in the browser to bypass the proxy for those sites, this is under Proxy settings in IE and Network settings in Firefox.

[Geoff]

There should also be a way to instruct the proxy that the sites are internal. So it can see them too. That way you don't need exceptions. On squid you use the 'always_direct' configuration setting to do this, but I'm not familar with ISA server so I can't help there.

[sparkeh]

Not an expert with ISA but we have ISA 2003 at one of my schools that I have some knowledge of.

I think we achieved this by having a two web chaining rules.
The first is set to retrieve certain URLs directly. To do this create a new rule, under the 'Action' tab select the option to 'retrieve directly' (or words to that effect). Under the 'To' tab you choose the traffic to apply this to. Here you can add a new URL set that contains the local URLs. Thats it really.
The second rule should pick up everything else and send it to the upstream proxy.

[Rajesh]

Im not a linux guru but i assume its the same as windows settings, if your websites are referenced internal (why you'd do this for external sites i dont know?) you will have to put an exception in the browser to bypass the proxy for those sites, this is under Proxy settings in IE and Network settings in Firefox.

I made the changes as suggested and now the internal sites are working fine. However, the problem with evolution remains as it was. Thanks for your nice suggestion.

[Ric_]

What kind of server are you trying to connect to with Evolution? Where is the server?

[Rajesh]

What kind of server are you trying to connect to with Evolution? Where is the server?

The servers are live with windows server 2003 and Argosoft email server installed on it

[Ric_]

The servers are live with windows server 2003 and Argosoft email server installed on it

What protocol are you using (POP3/IMAP) and are the servers on your domain?

If the servers are remote, you need an ISA rule allowing traffic to the address(es) of the servers for the type of protocol you want to use.

If you are trying to use IMAP, make sure that it is supproted at the server - only the pro version supports this from what I can see.

[Rajesh]

What protocol are you using (POP3/IMAP) and are the servers on your domain?

If the servers are remote, you need an ISA rule allowing traffic to the address(es) of the servers for the type of protocol you want to use.

If you are trying to use IMAP, make sure that it is supproted at the server - only the pro version supports this from what I can see.

We are using POP3 protocol for our email server and the servers are hosted. Please note that we use ISA server 2000 on our local server and all the workstations have ISA server 2000 client installed on them with static IP (i.e. DHCP is not being used) and the outlook doen not have any problem receiving or sending emails. The two workstations that have Fedora core 6.0 installed do not have any client for ISA server 2000and hence the probelm.

[Ric_]

Try using the logging tools in ISA to watch what happens when you try to connect from one of these machiens. It should say what rule is denying the traffic.

[Rajesh]

Try using the logging tools in ISA to watch what happens when you try to connect from one of these machiens. It should say what rule is denying the traffic.

No entry found in the ISA log. Message from evolution - Connection timed out

[Ric_]

Do you have the ISA server's internal IP address set as the default gateway? This should force the traffic through.

Make sure that DNS resolved correctly for your mail server (or use the IP address instead).

[Rajesh]

Do you have the ISA server's internal IP address set as the default gateway? This should force the traffic through.

Make sure that DNS resolved correctly for your mail server (or use the IP address instead).

First of all accept my heartiest thanks for the eagerness you have shown in sorting out the problem.
Yes, ISA server's internal IP address is being used as the default gateway.
Extra info for you -
when the following command is issued from the linux terminal -
telnet domain.com 25 or telnet domain.co 110
It resolves the IP of the said domain but after a fixed interval of time, it displays the message - Connection timed out

[mcloum]

I think i may have a solution for you which i will post tonight or tomorrow. Its probably due to your server having authentication turned which can be troublesome especially if its NTML authentication (I couldnt get linux out through the firewall with it on) I was messing about trying to get my ipod and one of the teachers iphones onto the internet and i managed to get it working. I will post the details soon as im leaving for the day now.

[Michael_84]

NTLMaps is an awesome tool to get a Linux box to speak with a server using NTLM authentication, got mine working nicely through ISA2006.
If it is NTLM authentication stopping you then that will work for you.