Home > IT Answers > Security > Circumnavigate ISA server (Which acts as gate...
Help

Question

  Asked: Jun 6 2008   11:05 AM GMT
  Asked by: Sampler

Circumnavigate ISA server (Which acts as gateway).


ISA Server Gateway, ISA Server, Network connectivity, Active Directory

Dear colleagues, I've a problematic workplace where an employee regularly disables internet access using either the ISA 2004 Server or the Win 2003 Active directory domain. Much as I do not log onto the domain (i.e. I log on locally to my machine as an administrator), I get my network settings from the DHCP, DNS, Exchange & Active Directory Server which all reside on this same machine. On the domain, I've an account which is purely ordinary & it is the one I use to access mail on the LAN. Sometimes, this individual disables internet access such that only one machine is accessing this service. The ISA 2004 server is duo homed and acts as a gateway with one card interfacing with the LAN while the second card interfaces with the ISPs Network.

Is there a way I can go round all this and connect directly to the internet?

Thanx.

Subscribe to Alerts! Get questions and answers delivered to your Inbox.


E-mail me updates on this question



   SUBSCRIBE

hidden modal window
Help

Answer Wiki (Improve, edit or add to this answer)

CREATE ANSWER
View History
Start this Answer and Earn your Knowledge Points!

By clicking "Create Answer", you can write the answer to this question that can be improved upon by your peers using the Answer Wiki.

Browse more Questions and Answers on Security, Networking and Microsoft Windows.

Looking for relevant Security Whitepapers? Visit the SearchSecurity.com Research Library.


RSS - Discussions Help

Discuss This Answer


You must be logged-in to discuss a question. Log-in/Register

Alessandro.panzetta  |   Jun 6 2008  3:04PM GMT

Hello,
I guess your machine is not physically attached to the WAN side, right?
Anyway if you have privileges onto the domain you can create a GPO that disables the proxy server on your machine only.
Bye

 

Sampler  |   Jun 26 2008  4:37PM GMT

Alessandro, thanks for your response. Unfortunately, I’m just an ordinary user on the domain which means I cannot even create a GPO.

 

Pressler2904  |   Jun 27 2008  5:45PM GMT

Several questions arise:
1. You state that there is a user who regularly disables Internet access. Who is this and why id he doing it? I’ve worked in places where every 30 days all ports on the firewall were closed, and opened again only after a specific authorized request. Is this a similar issue?
2. The person who is closing off access: are they the sys admin? Do they actually have the authority to do this, or is this an arbitrary action on their part?
3. How is this person disabling access? are they restricting access to a specific IP address? Are they restricting access to a single group of which only they are a member?

If the access is being restricted by rules on the ISA server,you may be able to bypass using a “false proxy” - a site on the internet which is allowed to be accessed but will pass your traffic through to the world at large (no, I won’t give you the addresses - they’re easy enough to find, and “false proxy” is NOT an industry standard term).

If the person who is restricting access is the sys admin, you may be out of luck here as a User lever client…