How to Use America Online 9.0 with ISA Server 2004

This document describes how to configure Microsoft® Internet Security and Acceleration (ISA) Server 2004 and America Online (AOL) 9.0, so that a computer behind ISA Server 2004 can use AOL.

Note

This configuration is similar to that of ISA Server 2000. However, the familiar terms used for policy elements in ISA Server 2000 have been upgraded in ISA Server 2004. For example, client address sets have been replaced by computer sets. Destination sets are replaced by various ISA Server 2004 network objects, such as domain name set, URL set, and computer set.

Scenarios

ISA Server 2004 and AOL 9.0 can be configured to work together. The solution in this document provides a walk-through of the required steps.

Solution

This document provides procedures on how to configure ISA Server 2004 and AOL 9.0:

  • Configure ISA Server 2004
  • Configure the client computer
  • Configure ISA Server client types
  • Troubleshooting

Network Topology

Both ISA Server 2004 and AOL 9.0 are required.

Using America Online with ISA Server—Walk-through

This walk-through guides you through the steps necessary to configure ISA Server 2004 and AOL 9.0.

Using America Online with ISA Server Walk-through Procedure 1: Configure ISA Server 2004

To allow access to AOL, you must create an access rule in ISA Server. Access rules determine how clients on a source network can access resources on a destination network. You can configure access rules to apply to all IP traffic, to a specific set of protocol definitions, or to all IP traffic except selected protocols. For this solution, you must, at a minimum, allow access on the AOL Instant Messenger protocol. If you already have an access rule that allows access on all protocols, you can skip this procedure.

  1. In the console tree of ISA Server Management, click Firewall Policy.

  2. In the task pane, on the Tasks tab, click Create New Access Rule.

  3. In the New Access Rule Wizard, on the Welcome page, provide a name for the rule, such as Internet Access (if you are creating a general access rule) or Access to AOL (if you are creating a specific rule for AOL access). Click Next.

  4. On the Rule Action page, select Allow, and then click Next.

  5. On the Protocols page, in This rule applies to, select Selected protocols. Click Add, and in the Add Protocols dialog box, expand Instant Messaging. Click AOL Instant Messenger, click Add, and then click Close. On the Protocols page, click Next.

    Note

    AOL 9.0 uses TCP port 5190 Outbound to communicate with AOL servers. The preconfigured AOL Instant Messenger protocol definition is specified as TCP port 5190 Outbound.

  6. On the Access Rule Sources page, enter the sources from which the traffic will originate. Typically, this will be the Internal network, where the client computers are likely to be located. Click Add to open the Add Network Entities dialog box, expand Networks, select Internal, click Add, and then click Close. On the Access Rule Sources page, click Next.

    Note

    You can also restrict access to a set of computers, rather than allowing access to the entire Internal network. To do so, you can click New in the Add Network Entities dialog box, and create a new computer set. Creating a new computer set is described in Appendix A: Creating a New Computer Set.

  7. On the Access Rule Destinations page, enter the destinations to which you are allowing access. This will be the External network, representing the Internet. Click Add to open the Add Network Entities dialog box, expand Networks, select External, click Add, and then click Close. On the Access Rule Destinations page, click Next.

    Note

    You can also restrict access to specific destinations, rather than allowing access to the entire Internet. To do so, you can click New in the Add Network Entities dialog box, and create a new domain name set or URL set. Creating a new domain name set or URL set is described in Appendix B: Creating a New Domain Name Set or URL Set.

  8. On the User Sets page, if your rule applies to all users, you can leave the user set All Users in place and proceed to the next page of the wizard. If the rule applies to specific users, select All Users and click Remove. Then, click Add to open the Add Users dialog box, from which you can add the user set to which the rule applies. The Add Users dialog box also provides access to the New User Sets Wizard through the New menu item. When you have completed the user set selection, click Next. On the rule summary page, click Finish to complete adding this access rule.

Using America Online with ISA Server Walk-through Procedure 2: Configure the Client Computer

You can configure AOL 9.0 to use a proxy server or a direct TCP/IP connection. Either configuration will work behind ISA Server 2004. If the ISA Server computer is using a demand-dial connection to the Internet, it is advantageous to configure AOL 9.0 to use a proxy server so that it can force a dial-up connection if the server is not already connected to the Internet. To configure AOL 9.0 to use a direct TCP/IP connection, follow these steps.

  1. Start your AOL connection to open the Sign-On screen.
  2. On the Sign-On screen, click Sign-On Options.
  3. On the AOL Setup screen, click Expert Setup.
  4. On the Connection Setup screen, click the Add Locations button, click the top entry Broadband (Cable/DSL/ISP), and then click Edit.
  5. On the AOL Expert Setup – Broadband (Cable/DSL/ISP) screen, choose the Edit Devices option and click Next.
  6. On the next AOL Expert Setup screen for modem connections, click the check box if you want to automatically connect, and then click Next.
  7. Select the appropriate option.
  8. The next AOL Expert Setup screen provides options for TCP/IP configuration. Select the appropriate selection for your configuration, either Automatic Connection or Manual Proxy Configuration. If you select Automatic Connection, click Next to either sign-on to AOL or make further changes.
  9. If you select Manual Proxy Configuration, click Next and enter the appropriate configuration options for your proxy server connection.
  10. Type the name of the ISA Server computer. The port should be 1080, unless the default Socks port has been changed on the ISA Server computer.
  11. Use the default Socks selection in the Protocol area.
  12. Select the Use proxy to resolve hostnames check box, and click Next.
  13. Sign on to AOL or make further changes.
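
To check the Manual Proxy Configuration path from a client without the AOL software, the following added example (not part of the original Microsoft document) sends one Socks CONNECT request for TCP port 5190 to port 1080 on the ISA Server computer and decodes the reply. It assumes the ISA Server Socks listener accepts SOCKS version 4a requests, which is how a client hands host name resolution to the proxy; the host names in the script are placeholders.

```python
import socket
import struct

SOCKS_PORT = 1080  # default Socks port from Procedure 2
AOL_PORT = 5190    # TCP port 5190 Outbound, from the note in Procedure 1

# Reply codes defined by the SOCKS version 4 protocol.
REPLY_CODES = {
    0x5A: "request granted",
    0x5B: "request rejected or failed",
    0x5C: "rejected: proxy cannot reach identd on the client",
    0x5D: "rejected: identd reported a different user id",
}

def build_socks4a_connect(host, port=AOL_PORT, user_id=b""):
    """Build a SOCKS4a CONNECT request that leaves name resolution to the proxy."""
    # VN=4, CD=1 (CONNECT), DSTPORT, DSTIP=0.0.0.1 meaning "host name follows".
    header = struct.pack(">BBH4s", 4, 1, port, bytes([0, 0, 0, 1]))
    return header + user_id + b"\x00" + host.encode("ascii") + b"\x00"

def parse_socks4_reply(reply):
    """Return (granted, description) for the 8-byte SOCKS4 reply."""
    if len(reply) < 8:
        return False, "short reply (%d bytes): proxy closed the connection" % len(reply)
    version, code = reply[0], reply[1]
    if version != 0:
        return False, "unexpected reply version %d: not a SOCKS4 listener" % version
    return code == 0x5A, REPLY_CODES.get(code, "unknown reply code 0x%02X" % code)

def probe(proxy_host, dest_host, timeout=5.0):
    """Ask the proxy to CONNECT to dest_host on port 5190 and report the outcome."""
    try:
        with socket.create_connection((proxy_host, SOCKS_PORT), timeout=timeout) as s:
            s.sendall(build_socks4a_connect(dest_host))
            reply = b""
            while len(reply) < 8:
                chunk = s.recv(8 - len(reply))
                if not chunk:
                    break
                reply += chunk
            return parse_socks4_reply(reply)
    except OSError as exc:
        return False, "cannot reach proxy on TCP %d: %s" % (SOCKS_PORT, exc)

if __name__ == "__main__":
    # Placeholders: use the ISA Server computer name and a destination the rule allows.
    print(probe("isa-server.example", "aol-host.example"))
```

A "request rejected or failed" reply means the listener answered but the connection was not made, which points at the access rule or the upstream link; a failure to reach port 1080 at all points at the proxy name or port entered on the client.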

Using America Online with ISA Server Walk-through Procedure 3: Configure ISA Server Client Types

The ISA Server Firewall client or Winsock Proxy client (Microsoft Proxy Server 2.0) is not needed to use America Online 9.0 on a client computer behind ISA Server 2004. If one of these components is installed and enabled on the client computer, the AOL-integrated Web browser may not function. To disable the Winsock Proxy client, follow these steps.

  1. Click Start, click Settings, click Control Panel, and then double-click WSP Client.
  2. Clear the Enable Winsock Proxy Client check box, and then click OK.
  3. Restart the client.

To disable ISA Server Firewall Client, follow these steps.

  1. Click Start, click Settings, click Control Panel, and then double-click Firewall Client.
  2. Clear the Enable Firewall Client check box, and then click OK.

Using America Online with ISA Server Walk-through Procedure 4: Troubleshooting

This topic describes common connectivity issues and their resolution.

Connection Was Lost

When you attempt to sign on to America Online, the Connection Log screen in AOL 9.0 displays a "The connection was lost" message.

Verify that there is an access rule in ISA Server 2004 that applies to all IP traffic or the AOL Instant Messenger protocol. Also verify that this same rule applies to any request or computer set. After these verifications, check the computer set to ensure that the client computer's IP address is included in the range of IP addresses.

Error Occurred While Requesting Proxy

When you attempt to sign on to America Online, the Connection Log screen in AOL 9.0 displays an "An error occurred while requesting a proxy" message.

If the ISA Server 2004 computer uses a dial-up connection to the Internet, this message can occur if the modem is not turned on or if the telephone line is disconnected from the telephone outlet.

Unable to Connect

When you attempt to sign on to AOL 9.0, the connection is unsuccessful and the following message is displayed: "We were unable to connect to AOL. Your TCP/IP Connection may not be working properly." The Connection Log screen in AOL 9.0 displays the same message.

Verify that the ISA Server computer is connected to the Internet.

Verify that the Internet service provider (ISP) or local area network broadband provider (cable, DSL, or ISP) connection settings in AOL 9.0 are configured to use a proxy server. For more information, see section 2 in this article.

Page Cannot Be Displayed

When you use the AOL Web browser to browse the Internet, no Web pages are loaded. The message "The page cannot be displayed" is displayed at the top of the browser and a message "Cannot find server or DNS Error" is displayed at the bottom of the browser.

Verify that the ISA Server Firewall client or the Winsock Proxy client is disabled or removed on the client. For more information, see section 2 in this article.

Remove AOL 9.0, restart the computer, and then reinstall AOL 9.0.

Appendix A: Creating a New Computer Set

When you create an access rule, you can restrict access to a set of computers, rather than allowing access to an entire network. To do so, you can click New in the Add Network Entities dialog box, and create a new computer set, or create a new computer set from the Firewall Policy toolbox. Follow this procedure to create a new computer set.

  1. In the console tree of ISA Server Management, click Firewall Policy.
  2. In the task pane, on the Toolbox tab, click Network Objects.
  3. On the toolbar beneath Network Objects, click New, and then click Computer Set.
  4. In the New Computer Set Rule Element dialog box, provide a name for the new computer set.
  5. Click Add, and select either Computer, Address Range, or Subnet, and add the appropriate computers, address ranges, and subnets included in the computer set.
    If you click Computer, you can add a single computer.
    If you click Address Range, you can add a range of IP addresses, representing a group of computers.
    If you click Subnet, you can add a subnet.
  6. After you add the computers, address ranges, or subnets, click OK to close the New Computer Set Rule Element dialog box.
  7. In the details pane, click Apply to apply the change.

Appendix B: Creating a New Domain Name Set or URL Set

This section describes how to create a domain name set or URL set.

If users are allowed access to any destination on the public side of the ISA Server firewall, there is no need to create a domain name set or URL set.

If you are restricting access to certain destinations on the public side of the ISA Server firewall while allowing access to other destinations, you should create a domain name set for *.aol.com, or you can create a URL set including https://aol.com/*.

Creating a domain name set

Domain name sets define one or more domain names as a single set, so that you can apply a firewall policy to the specified domains. To create a domain name set, follow these steps.

  1. In the console tree of ISA Server Management, click Firewall Policy.
  2. In the task pane, on the Toolbox tab, click Network Objects.
  3. On the toolbar beneath Network Objects, click New, and then click Domain Name Set.
  4. In Name, type a name for the domain name set such as <aol.com>.
  5. Click New, and then type a domain to include in the domain name set such as <*.aol.com>.
  6. Click OK to close the New Domain Name Set Policy Element dialog box.
  7. In the details pane, click Apply to apply the change.

After you create the domain name set, if you double-click it in the Toolbox tab, the AOL Properties screen appears.

Creating the URL set

URL sets can be used in access rules to allow or deny access to specified websites. URL sets specify one or more URLs grouped together to form a set. To create a URL set, follow these steps.

  1. In the console tree of ISA Server Management, click Firewall Policy.
  2. In the task pane, on the Toolbox tab, click Network Objects.
  3. On the toolbar beneath Network Objects, click New, and then click URL Set.
  4. In Name, type a name for the URL Set such as AOL.
  5. Click New, and then type a URL to include in the URL Set such as https://aol.com/*.
  6. Click OK to close the New URL Set Rule Element dialog box.
  7. In the details pane, click Apply to apply the change.

After you create the URL set, if you double-click it in the Toolbox tab, the AOL Properties screen appears.
