[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] HTTP access via VPN and User-Auth
Afternoon all, I have a situation here as follows : We are setting up OWA for users of ours who world-hop. I have 2 rules setup for this as follows : Secure-Group@Any ENC-Domain ANY Client Encrypt Exch-Group@Any Exch-Server-OWA HTTP User-Auth The rule regarding ENC-Domain and Client-Encrypt uses VPN and works perfectly. The second rule, applies to Exch-Server-OWA which contains the Internall address and a NAT for this address. The User-Auth is set to "Intersect with user database" and "All servers". When I attempt to access the NAT address, which is a valid internet address, I get the popup screen for User-Auth, input the name and password, and seem to get access, but nothing happens. When I say "seem to get access", what happens is the log shows the authentication taking place with Accept, the browser shows itself trying to get to the OWA server, but I never get the OWA page back on the Laptop (All these tests are for external users). If I set up a rule which says : Exch-Group @Any ANY ANY Client-Auth And use the CP Client auth software or Telnet to authenticate, and then open the browser to the OWA Internet address, it works in a second. The only difference here is that with CA, I authenticate first and then access, and with UA, I attempt to access, get the popup and should get the OWA logon screen and don't. Does anyone have any idea why this is ? Or what to do ? Thanks, Mike Glassman System & Security Admin Israeli Airports Authority Ben-Gurion Airport http://www.ben-gurion-airport.co.il Tel : 972-3-9710785 Fax : 972-3-9710939 Email : [email protected] Usage of this email address or any email address at iaa.gov.il for the purpose of sales pitches, SPAM or any other such unwanted garbage, is illegal, and any person, whether corporate or alone doing so, will be prosecuted to the fullest possible extent. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|