How ISA Server 2006 or ISA Server 2004 handles client Web requests and how to bypass network address translation (838368)

INTRODUCTION

In Microsoft Internet Security and Acceleration (ISA) Server 2006 and in ISA Server 2004, client Web requests are handled by the Web proxy filter. The Web proxy filter works at the program level on behalf of the following clients:

Clients that reside in networks that are protected by ISA Server
Clients that request HTTP and Secure HTTP (HTTPS) objects

Web proxy client requests are passed to the Web proxy filter on client computers that have ISA Server specified as a proxy server in the browser settings.

This article discusses network address translation (NAT) and how ISA Server 2004 handles client Web requests. This article also discusses how to disable NAT.

MORE INFORMATION

By default, SecureNAT and Firewall clients have the predefined HTTP protocol bound to the Web proxy filter. ISA Server intercepts Web requests from these clients and passes them to the Web proxy filter for transparent handling. This behavior is known as transparent network address translation (NAT).

NAT substitutes a global IP address that is valid on the Internet for the internal IP address of the client request. This behavior helps protect internal addresses. In some cases, you may not require this transparent NAT behavior.

To disable this setting for SecureNAT and Firewall clients, you must disable the predefined HTTP protocol from the Web proxy filter. For information about how to disable the HTTP protocol from the Web proxy filter, see ISA Server Help.

For more information about how to troubleshoot Web proxy traffic in ISA Server, visit the following Microsoft Web site:

http://go.microsoft.com/fwlink/?LinkID=53684