Re: Publishing Web Site through ISA with https://

---

• From: Jaxy <Jaxy@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Thu, 1 Mar 2007 06:46:18 -0800

---

Nickolay, thanks indeed.

So with the confguration settings provided it would enable:

1) Behind the ISA, the Web server would listen both with
Http:// and Https:// ( because web server has SSL installed but NOT
configured as Required SSL)

2) And the clients out in the internet would only
communicate with https://


Many thanks again...
Monir


"Nick Domukhovsky" wrote:

Jaxy пишет:

Hi -

I am in doubt with the followings, please give me some insight ...

1) We have inernal web site that we would configure for SSL but NOT as
required for SSL, meaning you can access the site as https and http. this is
due to we dont want internal users using https

2) But users coming from outside (internet) must use https and tha's where
ISA comes in picture. Incoming request would come through ISA.

3) ISA would be configured only to allow https:// trafic. So when request
comes in from outside ISA takes it, coverts the packets to http://and sends
the packets to the internal web server.
4) My inquiry is, if the web server sends the response back to ISA as
http://, will the ISA communicate to the request originate client with http
or https?


Thanks,
Monir

When you configure HTTPS publishing you have to choose between SSL
bridging and SSL tunelling.

SSL tunelling passes encrypted traffic through ISA server without
inspection and modification (so that is not your case).

SSL bridging uses several method to handle HTTPS traffic, however with
one common rule - SSL tunnel will end-up on ISA server (maybe than it
would be created again, but with another encryption key).

So when you are creating "Secure Web Serber publishing rule" you should
choose SSL bridging. Then you will be prompted for the type of the bridge:
- Secure connection to clients
- Secure connection to Web server
- secure connection both to clients and Web server (default)

Choose first option.

Then you woud be prompted for the Web listener, choose one (if you don't
have one, then create). Don't forget, that your web listener must have a
certificate (to be able establish SSL connection).

--
With best regards
Nickolay Domukhovsky, MCSA

.

---

• Next by Date: Re: FTP publishing denied by default rule
• Next by thread: Re: FTP publishing denied by default rule
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: SSL and BizTalk? ... When making an HTTPS connection to an SSL secured web server the only thing ... SSL cert on the web server. ... If you open Internet Explorer on the BizTalk machine and try browsing to ... (microsoft.public.biztalk.general) RE: ISA 2006 and SSL ... Because the ISA 2006 is a new ... | 3) From your port I am reading things about publishing to a web server. ... (microsoft.public.isa) RE: ISA 2006 and SSL ... Authentication in ISA Server 2006 ... Microsoft Online Partner Support ... | Subject: RE: ISA 2006 and SSL ... | | rule to allow HTTPS to local host, instead of all http and https ... (microsoft.public.isa) Re: ISA outboud SSL request ... ... ISA connects to the web server on the SSL port 443 or 563 depending on the configuration. ... ISA informs the client that the connection has been established and hands the connection over to the client. ... I haven't made any network traces on the ISA's external interface while it negotiates a SSL tunnel. ... (microsoft.public.isa) Re: https Aufruf hat manchmal "timeout" - ISA2004 ... Die geblockte Seite ist keine https Seite. ... Geht nicht der gesamte Verkehr über ISA? ... > handelt es sich hierbei vielleicht um eine SSL Seite? ... (microsoft.public.de.german.isaserver)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)