Hi all :)

Here's the situation: we have an ISA Server 2006, due to the policy of our company, we are blocking internet connections for all users (HTTP and HTTPS are blocked). Some users though require Skype for their work. since ports 80 and 443 are blocked, we fixed another port on the skype clients, we created a rule to authorize outbound and inbound trafic for that port for both TCP and UDP protocols. despite of that, skype is not working, the authentication fails with a message "unable to connect to server"

any ideas?

thank you all 

Hi,

According to your description, I think you would like to block HTTP and HTTPS protocol for all users except some authorized customers who need them to work. If I misunderstand, please feel free to contact me.

Which client type do you use? (You need to note that if you use SecureNat as your client type, it cannot support authentication function.)

Which authentication type do you use? You can refer to the link below to select the proper type for your environment:

http://www.google.com.hk/url?sa=t&rct=j&q=&esrc=s&frm=1&source=web&cd=2&ved=0CC0QFjAB&url=http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fcc995189.aspx&ei=xQ2DUu7xKsWCiQfgnoDwBA&usg=AFQjCNEkxa6BX8bwJt35i18g9ud06RMwow&bvm=bv.56343320,d.aGc

You must note that you need to place the new rule above the old one so that it will properly work.

Best Regards

Quan Gu  

Hi

Thank you for replying.

Actually we need to prevent all users from using Internet, so we need to block HTTP/HTTPS trafic for all users and authorize only skype connexions for some.

Hi,

Please try the method i provided above. You need to create two rules, one is blocking your all users and the other one is only allowing authorized users.And place the later on the top of rule list. Then you need to select proper authentication method.

Best Regards

Quan Gu

How does ISA 2006 fit into your organization? Is it on the edge and used as a default gateway? The answer is going to depend a lot on your infrastructure and the type of clients your users are (Web Proxy, Firewall Client, SecureNAT). It sounds like since you are not allowing them to go to the Internet at all they are not likely Web Proxy clients. How is ISA used in your environment? As a firewall to segment off networks? As a reverse proxy (web publishing)?

We need a little more information to recommend anything.

We are using ISA as a firewall default gateway. The blocking of HTTP/HTTPS is done with a firewall rule. no proxy is used.

I will try Quan solution and I'll keep you informed with the results.

thanks all