Odin عزیز بایستی اعتراف کنم کمی راهنمائی نا بجا انجام دادم ! اگر صرفا" از ISA جهت کش و به روش Single NIC می خواید استفاده کنید. فقط Web Proxy کلاینت ساپورت خواهد شد. جهت استفاده از روشی که در قبل گفتم بایستی از دو کارت شبکه استفاده کنید. همینطور در روش SecureNat و دو کارت شبکه بایستی DNS به درستی تنظیم شده باشد چرا که سرویس DNS فقط در حالت Web Proxy و Firewall Client توسط آیزا داده خواهد شد.
جناب bigdady این هم پاسخ شما :
VPN Client Issues
This section describes virtual private network (VPN) client issues.
Internet Requests from VPN Clients Fail
Problem: A VPN client connected to ISA Server attempts to make an HTTP request to the Internet through ISA Server. The VPN client is not configured as a Web Proxy client. The access attempt fails, even though there is an access rule allowing outbound HTTP requests from the VPN Clients network to the External network, and a network rule configured to route traffic between the two networks.
Cause: ISA Server intercepts the VPN client request and redirects it to the Web Proxy filter. It is handled as a transparent Web Proxy request, and the IP address is translated (NAT). The VPN client request is identified by ISA Server as coming from the VPN tunnel interface and NAT is not handled correctly and is blocked by ISA Server firewall policy.
Solution: Possible workarounds include the following:
•Construct the rules as follows:
•Create a new protocol definition with the following settings: Protocol: TCP; Direction: Outbound; Port: 80. Disable the Web Proxy filter for this protocol, as described in
Appendix A: Disable the Web Proxy Filter later in this document.
•Create a new access policy rule allowing VPN clients to use the new protocol you created, with all networks. Set this as the first rule in the access rule ordering.
•Create another access rule allowing all outbound traffic for VPN clients to all networks. Set this as the second rule in the access rule ordering. Set the protocol condition to this rule to
All outbound traffic except selected. Add HTTP to the exception list.
•Create a network rule with a route relationship from the VPN Clients network to all networks.
•The other workaround is to disable the Web Proxy filter for HTTP. The disadvantage of this workaround is that outbound HTTP requests from SecureNAT and Firewall clients will then go directly to the Web server instead of being redirected to the Web Proxy filter. Such requests will not be served from the cache, and HTTP application layer filtering will not be applied.