Re: HTTPS; SSL-Tunnel

From: David (NOSPAMDavidGerst_at_anti-spam.tempco.com)
Date: 06/02/04

• Next message: Doug: "Re: Email Screening"
• Previous message: Jim Harrison [MSFT]: "Re: HTTPS; SSL-Tunnel"
• In reply to: Jim Harrison [MSFT]: "Re: HTTPS; SSL-Tunnel"
• Next in thread: David: "Re: HTTPS; SSL-Tunnel"
• Messages sorted by: [ date ] [ thread ]

---

Date: Wed, 2 Jun 2004 13:35:49 -0500

IE config under tools/internet options:

Auto Config
    Automatically detect settings is checked
    Use automatic config script is not checked

Proxy server
    Use a proxy server is checked

    Addess is DNS name: gateway.example.company.com (which is the ISA
server PC)
    Port: 8080

    bypass proxy for local addresses is checked.

"Jim Harrison [MSFT]" <jmharr@online.microsoft.com> wrote in message
news:uWHe03MSEHA.2520@TK2MSFTNGP11.phx.gbl...
> Exactly how is IE configured?
> Those log entries show successful connections.
>
> ISA resolves names for browsers configured as web proxy clients, so if the
browser is complaining about "DNS Failure", it's likely
> that it can't resolve the proxy name.
>
> --
> Jim Harrison [ISASE]
> Read the help, books and articles!
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
>
> "David" <NOSPAMDavidGerst@anti-spam.tempco.com> wrote in message
news:%23jJOtSLSEHA.808@tk2msftngp13.phx.gbl...
> This is what was in the log. The error that comes up in web browser is
the
> Page Cannot Be Displayed, cannot find server or DNS Error. I'm thinking
it
> must be a DNS error, but the DNS error probably has something to do with
ISA
> blocking a DNS request?
>
> Original Client IP Client Agent Authenticated Client Service Server Name
> Referring Server Destination Host Name Transport MIME Type Object Source
> Source Proxy Destination Proxy Bidirectional Client Host Name Filter
> Information Network Interface Raw IP Header Raw Payload Source Port
> Processing Time Bytes Sent Bytes Received Result Code Cache Info Error
Info
> Log Record Type Log Time Client IP Destination Host IP Destination Port
> Protocol Action Rule Client Username Source Network Destination Network
HTTP
> Method URL
> 0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) No Proxy
GATEWAY
> peapps.milacron.com TCP Internet - - - - - - 0 0 8750 1490 0x3e3 0x0
> 0x808 Web Proxy Filter 6/2/2004 10:14:07 AM 172.16.0.113 192.67.157.135
443
> SSL-tunnel OFT Website anonymous Internal External
peapps.milacron.com:443
> 0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) No Proxy
GATEWAY
> peapps.milacron.com TCP Internet - - - - - - 0 0 60989 10088 0x0 0x0
> 0x800 Web Proxy Filter 6/2/2004 10:14:27 AM 172.16.0.113 192.67.157.135
443
> SSL-tunnel OFT Website anonymous Internal External
peapps.milacron.com:443
> 0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) No Proxy
GATEWAY
> peapps.milacron.com TCP Internet - - - - - - 0 0 201921 56750 0x0 0x0
> 0x800 Web Proxy Filter 6/2/2004 10:14:31 AM 172.16.0.113 192.67.157.135
443
> SSL-tunnel OFT Website anonymous Internal External
peapps.milacron.com:443
> 0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) No Proxy
GATEWAY
> peapps.milacron.com TCP Internet - - - - - - 0 0 7410 73226 0x0 0x0
0x800
> Web Proxy Filter 6/2/2004 10:14:33 AM 172.16.0.113 192.67.157.135 443
> SSL-tunnel OFT Website anonymous Internal External
peapps.milacron.com:443
> 0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) No Proxy
GATEWAY
> peapps.milacron.com TCP Internet - - - - - - 0 0 1395 256 0x3e3 0x0
0x808
> Web Proxy Filter 6/2/2004 10:13:56 AM 172.16.0.113 192.67.157.135 443
> SSL-tunnel OFT Website anonymous Internal External
peapps.milacron.com:443
> 0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) No Proxy
GATEWAY
> peapps.milacron.com TCP Internet - - - - - - 0 0 150 49152 0x0 0x0
0x800
> Web Proxy Filter 6/2/2004 10:14:35 AM 172.16.0.113 192.67.157.135 443
> SSL-tunnel OFT Website anonymous Internal External
peapps.milacron.com:443
>
>
>
> "Jim Harrison [MSFT]" <jmharr@online.microsoft.com> wrote in message
> news:u6qZLoDREHA.1276@TK2MSFTNGP11.phx.gbl...
> > What's in the ISA web proxy logs for those requests?
> >
> > --
> > Jim Harrison [ISASE]
> > Read the help, books and articles!
> >
> > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> >
> >
> > "David" <NOSPAMDavidGerst@anti-spam.tempco.com> wrote in message
> news:OdEx18BREHA.3140@tk2msftngp13.phx.gbl...
> > OK,
> >
> > I've even gone as far as giving cart-blanche access to the site and it's
> > still a no go. all protocols, all users, from internal to all external.
> I
> > know it's not a problem with the site because I can run through a
> different
> > gateway that does not have ISA on it and it works fine. now I'm really
> > baffled!
> >
> >
> >
> >
> > "Tony Su" <anonymous@discussions.microsoft.com> wrote in message
> > news:13a0201c44412$e50d2300$a001280a@phx.gbl...
> > > If you're accessing remote SSL sites using the standard
> > > port (443), you shouldn't be running into any special
> > > problems.
> > >
> > > If you're accessing an SSL site using a non-default port,
> > >
> > > http://support.microsoft.com/default.aspx?scid=kb;en-
> > > us;283284
> > >
> > > Tony Su
> > >
> > >
> > >
> > >
> > >
> > > >-----Original Message-----
> > > >Hi,
> > > >
> > > >I'm relatively new to this, so here goes...
> > > >
> > > >
> > > >I have ISA server setup to block all web traffic by
> > > default and I'm making
> > > >rules to allow traffic. This is working great for the
> > > HTTP protocol. The
> > > >problem I am running into is for HTTPS sites. Even
> > > though I have a rule
> > > >saying allow userx to go from the internal network using
> > > the HTTPS protocol
> > > >to destination setX, for some reason it's just not
> > > working. what am I
> > > >missing? I also see in the log files that it's using SSL-
> > > Tunnel.
> > > >
> > > >thanks!
> > > >
> > > >- david
> > > >
> > > >
> > > >.
> > > >
> >
> >
> >
>
>
>

---

• Next message: Doug: "Re: Email Screening"
• Previous message: Jim Harrison [MSFT]: "Re: HTTPS; SSL-Tunnel"
• In reply to: Jim Harrison [MSFT]: "Re: HTTPS; SSL-Tunnel"
• Next in thread: David: "Re: HTTPS; SSL-Tunnel"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: Please enter password for HTTP proxy ... Web Proxy log: WEBEXTDyyyymmdd.log ... This newsgroup only focuses on SBS technical issues. ... |> on to the SBS server that hosts the ISA. ... |> sure the problematic clients also have Firewall Client installed. ... (microsoft.public.windows.server.sbs) openvpn for windows server ... -My requirement is client should have 192.168.10.0/24 ipaddress and it ... I am able to connect client to server, but i am not able to ping any ... I am attachting the server config and client config file, ... # clients or if a connecting client has a private ... (comp.os.linux.networking) fc5 + openvpn + not routing across the tunnel.. ... I have configured openvpn in my lab ... bad source address from client, ... the server is configured as follows ... # This config item must be copied to ... (Fedora) RE: Proxy requires authentication ... problem where it is being asked to authenticate to the proxy server. ... sure the problematic client also have Firewall Client installed. ... | Thread-Topic: Proxy requires authentication ... (microsoft.public.windows.server.sbs) Re: ISA Server Problems, please help ... The All access rule for SBS Internet ... Web Proxy and/or ... > To accommodate the linux SecureNAT clients you should create a new Client ... ISA Server denies the specified Uniform Resource Locator. ... (microsoft.public.windows.server.sbs)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > ISA  > microsoft.public.isa  > 2004-06