Re: HTTPS; SSL-Tunnel

From: Jim Harrison [MSFT] (jmharr_at_online.microsoft.com)
Date: 06/02/04

• Next message: David: "Re: HTTPS; SSL-Tunnel"
• Previous message: Larry Stotler: "RE: ISA Client with Active Sync Locks server"
• In reply to: David: "Re: HTTPS; SSL-Tunnel"
• Next in thread: David: "Re: HTTPS; SSL-Tunnel"
• Reply: David: "Re: HTTPS; SSL-Tunnel"
• Reply: David: "Re: HTTPS; SSL-Tunnel"
• Reply: David: "Re: HTTPS; SSL-Tunnel"
• Messages sorted by: [ date ] [ thread ]

Date: Wed, 2 Jun 2004 11:18:02 -0700

Exactly how is IE configured?
Those log entries show successful connections.

ISA resolves names for browsers configured as web proxy clients, so if the browser is complaining about "DNS Failure", it's likely
that it can't resolve the proxy name.

-- 
 Jim Harrison [ISASE]
 Read the help, books and articles!
 This posting is provided "AS IS" with no warranties, and confers no rights.
"David" <NOSPAMDavidGerst@anti-spam.tempco.com> wrote in message news:%23jJOtSLSEHA.808@tk2msftngp13.phx.gbl...
This is what was in the log.  The error that comes up in web browser is the
Page Cannot Be Displayed, cannot find server or DNS Error.  I'm thinking it
must be a DNS error, but the DNS error probably has something to do with ISA
blocking a DNS request?
Original Client IP Client Agent Authenticated Client Service Server Name
Referring Server Destination Host Name Transport MIME Type Object Source
Source Proxy Destination Proxy Bidirectional Client Host Name Filter
Information Network Interface Raw IP Header Raw Payload Source Port
Processing Time Bytes Sent Bytes Received Result Code Cache Info Error Info
Log Record Type Log Time Client IP Destination Host IP Destination Port
Protocol Action Rule Client Username Source Network Destination Network HTTP
Method URL
0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) No Proxy GATEWAY
peapps.milacron.com TCP  Internet - -  -  - - - 0 0 8750 1490 0x3e3 0x0
0x808 Web Proxy Filter 6/2/2004 10:14:07 AM 172.16.0.113 192.67.157.135 443
SSL-tunnel  OFT Website anonymous Internal External  peapps.milacron.com:443
0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) No Proxy GATEWAY
peapps.milacron.com TCP  Internet - -  -  - - - 0 0 60989 10088 0x0 0x0
0x800 Web Proxy Filter 6/2/2004 10:14:27 AM 172.16.0.113 192.67.157.135 443
SSL-tunnel  OFT Website anonymous Internal External  peapps.milacron.com:443
0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) No Proxy GATEWAY
peapps.milacron.com TCP  Internet - -  -  - - - 0 0 201921 56750 0x0 0x0
0x800 Web Proxy Filter 6/2/2004 10:14:31 AM 172.16.0.113 192.67.157.135 443
SSL-tunnel  OFT Website anonymous Internal External  peapps.milacron.com:443
0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) No Proxy GATEWAY
peapps.milacron.com TCP  Internet - -  -  - - - 0 0 7410 73226 0x0 0x0 0x800
Web Proxy Filter 6/2/2004 10:14:33 AM 172.16.0.113 192.67.157.135 443
SSL-tunnel  OFT Website anonymous Internal External  peapps.milacron.com:443
0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) No Proxy GATEWAY
peapps.milacron.com TCP  Internet - -  -  - - - 0 0 1395 256 0x3e3 0x0 0x808
Web Proxy Filter 6/2/2004 10:13:56 AM 172.16.0.113 192.67.157.135 443
SSL-tunnel  OFT Website anonymous Internal External  peapps.milacron.com:443
0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) No Proxy GATEWAY
peapps.milacron.com TCP  Internet - -  -  - - - 0 0 150 49152 0x0 0x0 0x800
Web Proxy Filter 6/2/2004 10:14:35 AM 172.16.0.113 192.67.157.135 443
SSL-tunnel  OFT Website anonymous Internal External  peapps.milacron.com:443
"Jim Harrison [MSFT]" <jmharr@online.microsoft.com> wrote in message
news:u6qZLoDREHA.1276@TK2MSFTNGP11.phx.gbl...
> What's in the ISA web proxy logs for those requests?
>
> -- 
>  Jim Harrison [ISASE]
>  Read the help, books and articles!
>
>  This posting is provided "AS IS" with no warranties, and confers no
rights.
>
>
> "David" <NOSPAMDavidGerst@anti-spam.tempco.com> wrote in message
news:OdEx18BREHA.3140@tk2msftngp13.phx.gbl...
> OK,
>
> I've even gone as far as giving cart-blanche access to the site and it's
> still a no go.  all protocols, all users, from internal to all external.
I
> know it's not a problem with the site because I can run through a
different
> gateway that does not have ISA on it and it works fine.  now I'm really
> baffled!
>
>
>
>
> "Tony Su" <anonymous@discussions.microsoft.com> wrote in message
> news:13a0201c44412$e50d2300$a001280a@phx.gbl...
> > If you're accessing remote SSL sites using the standard
> > port (443), you shouldn't be running into any special
> > problems.
> >
> > If you're accessing an SSL site using a non-default port,
> >
> > http://support.microsoft.com/default.aspx?scid=kb;en-
> > us;283284
> >
> > Tony Su
> >
> >
> >
> >
> >
> > >-----Original Message-----
> > >Hi,
> > >
> > >I'm relatively new to this, so here goes...
> > >
> > >
> > >I have ISA server setup to block all web traffic by
> > default and I'm making
> > >rules to allow traffic.  This is working great for the
> > HTTP protocol.  The
> > >problem I am running into is for HTTPS sites.  Even
> > though I have a rule
> > >saying allow userx to go from the internal network using
> > the HTTPS protocol
> > >to destination setX, for some reason it's just not
> > working.  what am I
> > >missing?  I also see in the log files that it's using SSL-
> > Tunnel.
> > >
> > >thanks!
> > >
> > >- david
> > >
> > >
> > >.
> > >
>
>
>

• Next message: David: "Re: HTTPS; SSL-Tunnel"
• Previous message: Larry Stotler: "RE: ISA Client with Active Sync Locks server"
• In reply to: David: "Re: HTTPS; SSL-Tunnel"
• Next in thread: David: "Re: HTTPS; SSL-Tunnel"
• Reply: David: "Re: HTTPS; SSL-Tunnel"
• Reply: David: "Re: HTTPS; SSL-Tunnel"
• Reply: David: "Re: HTTPS; SSL-Tunnel"
• Messages sorted by: [ date ] [ thread ]

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint