Section 1: Configuring the ISA Server
This section discusses the creation of Destination Sets, Site and Content Rules, Client Address Sets, and Protocol Rules in ISA Server 2000 to allow AOL 6.0 to function. For more information on these elements of ISA Server 2000, please refer to ISA Server Help.
Create a Destination Set
If users are allowed access to any destination on the public side of the ISA firewall, there is no need to create a Destination Set.
If you are restricting access to certain destinations on the public side of the ISA firewall while allowing access to other destinations, you should create a Destination Set for *.aol.com.
To create a Destination Set:
- Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
- Expand the Server settings, and then expand Policy Elements.
- Right-click Destination Sets, point to New and then click Set.
- In Name, type a name for the set, such as aol.com.
- Note: This step is optional. In Description, type a description for the set.
- Click Add.
- Click Destination, and then type *.aol.com.
- Click OK, and then click OK again.
Create a Site and Content Rule
This procedure is not necessary if you have already defined a Site and Content Rule on your ISA server that allows access to any destination.
If you have already defined any Site and Content Rules, or you want to restrict access to certain sites on the public side of the ISA firewall while allowing access to other sites, you can add a Site and Content Rule. To do so:
- Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
- Expand the Server settings, and then expand Access Policy.
- Right-click Site and Content Rules, point to New, and then click Rule.
- In Site and Content Rule Name, type a name for the rule, such as Allow AOL, and then click Next.
- Click Allow, and then click Next.
- Click Allow access based on destination, and then click Next.
- In the Apply this rule to drop-down list box, do one of the following:
  - If you do not want to restrict access to certain destinations, select All destinations in the drop-down list.
  - If you want to restrict access to certain destinations, click Specified Destination Set in the drop-down list, and then click the aol.com Destination Set that you created.
- Click Next, and then click Finish.
Create a Client Address Set
This procedure is not necessary if you have already defined a Client Address Set in your ISA server that includes the IP addresses of the users that require AOL access. This procedure is also not necessary if your ISA server already has a Protocol Rule defined that applies to any request.
To create a Client Address Set:
- Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
- Expand the Server settings, and then expand Policy Elements.
- Right-click Client Address Sets, point to New, and then click Set.
- In Name, type a name for the set, such as AOL Users.
- Note: This step is optional. In Description, type a description for the set.
- Click Add.
- In From, type an IP address for the lowest IP address in the set.
- In To, type an IP address for the highest IP address in the set.
- Click OK, and then click OK again.
Create a Protocol Rule
This procedure is not necessary if you have already defined a Protocol Rule for your ISA 2000 server that applies to any request or a Client Address Set that includes the IP addresses of the users that require AOL access.
To create a Protocol Rule:
- Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
- Expand the Server settings, and then expand Access Policy.
- Right-click Protocol Rules, point to New, and then click Rule.
- In Protocol Rule Name, type a name for the rule, such as Allow AOL, and then click Next.
- Click Allow, and then click Next.
- In the Apply this rule to drop-down list box, do one of the following:
  - If you do not want to restrict access to certain protocols, click All IP traffic in the drop-down list.
  - If you want to restrict access to certain protocols, click Specified Destination Set in the drop-down list, and then click Selected Protocols. In the Protocols list, click AOL Instant Messenger.
  - Note: AOL 6.0 uses TCP port 5190 Outbound to communicate with AOL servers. The preconfigured AOL Instant Messenger protocol definition is specified as TCP port 5190 Outbound.
- Click Next.
- In the Use this schedule drop-down list box, do one of the following:
  - If you do not want to restrict access to a certain schedule, click Always in the drop-down list.
  - If you want to restrict access to a certain schedule, click one of the other schedules in the drop-down list. A custom schedule must be predefined in the Schedules node under Policy Elements for it to appear in the drop-down list.
- Click Next.
- Click Specific Computers (client address sets), and then click Next.
- Click Add. Click the AOL Users Client Set that you created earlier, click Add, and then click OK.
- Click Next, and then click Finish.
Section 2: Configuring the Client Computer
You can configure AOL 6.0 to use a proxy server or a Direct TCP/IP Connection; either configuration will work behind ISA Server 2000. If the ISA server is using a demand-dial connection to the Internet, it is advantageous to configure AOL 6.0 to use a proxy server so that it can force a dial-up if the server is not already connected to the Internet. Configure AOL 6.0 by using only one of the following procedures:
Configure AOL 6.0 to Use a Direct TCP/IP Connection
- Start your AOL connection to open the Sign-On screen.
- On the Sign-On screen, click Setup.
- On the AOL Setup screen, click Expert Setup.
- On the Connection Setup screen, click the Locations tab, click the top entry ISP/LAN Connection, and then click Edit.
- On the AOL Setup - ISP/LAN Connection screen, in the Numbers (Connections) for this Location box, click ISP/LAN Connection where ISP/LAN Connection is the default name of the connection, and then click Edit.
- On the AOL Setup - ISP/LAN Connection screen, click Automatic Connection Script, click Direct TCP/IP Connection in the drop-down list, and then click OK.
- Click OK on the AOL Setup - ISP/LAN Connection screen that is entitled Edit Location.
- On the Connection Setup screen, click Close.
- Click Sign On to sign on to America Online.
Configure AOL 6.0 to Use a Proxy Server
- Start your AOL connection to open the Sign-On screen.
- On the Sign-On screen, click Setup.
- On the AOL Setup screen, click Expert Setup.
- On the Connection Setup screen, click the Locations tab, click the top entry labeled ISP/LAN Connection, and then click Edit.
- On the AOL Setup - ISP/LAN Connection screen, in the Numbers (Connections) for this Location box, click ISP/LAN Connection where ISP/LAN Connection is the default name of the connection, and then click Edit.
- On the AOL Setup - ISP/LAN Connection screen, click Manual Proxy Configuration, and then click View.
- On the Manual Configuration screen, click to select the Connect using proxy check box.
- Type the name of the ISA server. The port should be 1080, unless the default Socks port has been changed on the ISA server.
- Click Socks 4 in the Protocol area.
- Click to select the Use proxy to resolve hostnames check box, and then click OK.
- Click OK on the AOL Setup - ISP/LAN Connection screen that contains the Manual Proxy Configuration and View buttons.
- Click OK on the AOL Setup - ISP/LAN Connection screen entitled Edit Location.
- On the Connection Setup screen, click Close.
- Click Sign On to sign on to America Online.
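The request that this proxy configuration puts on the wire, as an added example that is not part of the original article: Python that builds the SOCKS 4 CONNECT for TCP port 5190 and decodes the proxy's 8-byte reply, which helps tell a rejection by the ISA server apart from an unreachable or non-SOCKS listener on port 1080. It assumes the Use proxy to resolve hostnames option corresponds to the SOCKS4a hostname extension; the function names and the host `host.example.test` are hypothetical.

```python
import socket
import struct

SOCKS4_REPLIES = {
    0x5A: "request granted",
    0x5B: "request rejected or failed",
    0x5C: "rejected: proxy could not reach identd on the client",
    0x5D: "rejected: identd reported a different user ID",
}

def build_socks4a_connect(host, port, user_id=b""):
    """SOCKS4a CONNECT: VN=4, CD=1, port, marker IP 0.0.0.1, user ID, hostname."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    name = host.encode("idna")
    if not name or b"\x00" in name or b"\x00" in user_id:
        raise ValueError("empty host or embedded NUL byte")
    # DSTIP 0.0.0.x with x != 0 asks the proxy to resolve the trailing hostname.
    header = struct.pack(">BBH4s", 4, 1, port, bytes([0, 0, 0, 1]))
    return header + user_id + b"\x00" + name + b"\x00"

def parse_socks4_reply(data):
    """Decode the fixed 8-byte reply; returns (granted, explanation)."""
    if len(data) < 8:
        return False, "short reply (%d bytes): connection closed early" % len(data)
    if data[0] != 0:
        return False, "not a SOCKS4 reply (first byte 0x%02x)" % data[0]
    return data[1] == 0x5A, SOCKS4_REPLIES.get(data[1], "unknown reply code 0x%02x" % data[1])

def probe(proxy, host, port=5190, proxy_port=1080, timeout=5.0):
    """Send one CONNECT through the proxy and report its answer."""
    with socket.create_connection((proxy, proxy_port), timeout=timeout) as s:
        s.sendall(build_socks4a_connect(host, port))
        buf = b""
        while len(buf) < 8:
            chunk = s.recv(8 - len(buf))
            if not chunk:
                break
            buf += chunk
    return parse_socks4_reply(buf)

if __name__ == "__main__":
    # Constructed sample: placeholder hostname, TCP 5190 as named in the article.
    print(build_socks4a_connect("host.example.test", 5190).hex())
    print(parse_socks4_reply(bytes([0, 0x5B, 0, 0, 0, 0, 0, 0])))
```

Calling `probe` with the ISA server's name and a destination host performs the live check from a client computer on the internal network.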
The ISA Firewall client or Winsock Proxy client is not required to use America Online version 6.0 on a client computer behind ISA Server 2000 or Microsoft Small Business (SBS) Server 2000. If one of these components is installed and enabled on the client computer, the AOL-integrated Web browser may not function.
To Disable the Winsock Proxy Client
- Click Start, click Settings, click Control Panel, and then double-click WSP Client.
- Click to clear the Enable Winsock Proxy Client check box, and then click OK.
- Restart the client.
To Disable the ISA Firewall Client
- Click Start, click Settings, click Control Panel, and then double-click Firewall Client.
- Click to clear the Enable Firewall Client check box, and then click OK.
Section 3: Troubleshooting
- When you attempt to sign on to America Online, the Connection Log screen in AOL 6.0 displays a "The connection was lost" message.
  - Verify that there is a protocol rule in ISA that applies to All IP traffic or the AOL Instant Messenger protocol. Also verify that this same rule applies to any request or a Client Address Set. After these verifications, check the Client Address Set to ensure that the client computer's IP address is included in the range of IP addresses.
- When you attempt to sign on to America Online, the Connection Log screen in AOL 6.0 displays the "An error occurred while requesting a proxy" message.
  - If the ISA server uses a dial-up connection to the Internet, this message can occur if the modem is not turned on or if the telephone line is disconnected from the telephone outlet.
- When you attempt to sign on to America Online, the connection is unsuccessful and the following message is displayed: "We were unable to connect to AOL. Your TCP/IP Connection may not be working properly." The Connection Log screen in AOL 6.0 displays the same message.
  - Verify that the ISA server is connected to the Internet.
  - Verify that the Internet service provider/local area network (ISP/LAN) connection settings in AOL 6.0 are configured to use a proxy server. Refer to Section 2 of this article for more information.
- When you use the AOL Web browser to browse the Internet, no Web pages are loaded. The message "The page cannot be displayed" is displayed at the top of the browser and the message "Cannot find server or DNS Error" is displayed at the bottom of the browser.
  - Verify that the ISA Firewall client or the Winsock Proxy client is disabled or removed on the client. Refer to Section 2 of this article for more information.
  - Remove AOL 6.0, restart the computer, and then reinstall AOL 6.0.
The third-party products that are discussed in this article are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.