Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1326
Views
0
Helpful
3
Replies

Non Domain Workstations

muydess1981
Level 1
Level 1

‎12-07-2010 08:28 AM

We recently migrated from Websense to Ironport and are experiencing an issue where outside vendors who are part of a domain other than ours cannot access the Internet through Internet Explorer; they are able to access the Internet through other browsers (for example Chrome).  We are sure it is an authentication issue but do not have a domain other than our primary one to test with.  When the vendor opens Internet Explorer, they are brought to a blank white page with the ironport URL in the address bar.  I have tried changing the authentication methods within IE on the affected workstations, but it did not resolve the issue.  I also tried adding our ironport URL as a trusted Intranet site and even Internet site.  I then tried adding our ironport IP as an explicity proxy, but it did not work.  Has anyone else experienced this issue?  If so, what was the resolution if any?  We currently are having them use other browsers, if they have one, or we add their IP addresses on the appliance.

Labels:
0 Helpful
3 Replies 3

edadios
Cisco Employee
Cisco Employee

‎12-07-2010 06:30 PM

Hello Marc,

Which IE version? It seems you are talking transparent riderection, and you are saying you are not getting prompted for authentication. Are you saying thew other browsers get the authentication prompt?

Can you try the following on IE > Tools> Internet Option\Privacy Tab\Advanced Button\Overide automatic cookie handling\Check Always allow session cookies

And see if that makes it work.

Otherwise, try and do a packet capture from a client with this problem, and collect the capture from when you try to do the traffic, until the failure, and maybe that will provide further insight to the issue.

Regards,

Eric

0 Helpful

muydess1981
Level 1
Level 1
In response to edadios

‎12-08-2010 05:31 AM

IE 8 is on the vendor's laptops; I tried both the 32 bit and 64 bit versions.  They are not prompted for authentication at all; it tries to access the site then just displays a white page with our ironport server in the address bar followed by the Internet site it was trying to reach.  I will try the cookie option to see if it works.  I will keep you posted.

0 Helpful

ana.peric
Level 1
Level 1
In response to muydess1981

‎12-30-2010 08:43 AM

Hi All,

This problem can be solved very quickly...

Yes, problem IS authentication, and IE security settings.

For your guest users, please make Guest users policy that will be used for user that fail authentication (guests outside your domain).

If you do not know how to do this, I'll help you.

Here is what is happening to your external clients (guest users):

They access the internet, and their request ends up on WSA.

WSA is configured to authenticate users, so it sends Redirect message to users browser (HTTP 302) and redirects our user to WSA-s P1 address in order to authenticate the user.

The problem is that IE will NOT allow browser to be redirected to "some location" unless this location is set to be in IE "Trusted sites list".

So, in oreder to make your IE to respond properly to redirect message, your client must set WSA's authentication redirection FQDN in their IE browsers to be in Trusted istes list...

This was the solution if you use FQDN name of WSA for authentication.

Additionally problem can be caused if guest users can not resolve short host name of your WSA.

If you use only short hostname instead of WSA P1 FQDN, then your guest users must know what domain your organisation is using (this can be pushed via DHCP for example).

Hope this helped.

Cheers,

Ana

0 Helpful
Customers Also Viewed These Support Documents