Re: Cisco VPN Client Version 4.0.2



I appreciate the reply, but I have already opened the port 8080 that it uses
for the SSL tunnel. I still get the "The page cannot be displayed" error. I
just can't see what other port or protocol is being used to access the web
site. I'm not getting a proxy error as the article discusses.

Is there a way I can see the ports that Internet Explorer is trying to open?
I need a tool or something.

"Phillip Windell" wrote:

> SSL can only run over 443, it is by design,..on purpose,...due to security
> concerns. Due to the encryption, SSL is not inspected by the proxy as
> normal HTTP is (no way it could be) so the traffic cannot be verified to
> truly be SSL,...so it is theoretically possible to have a malware
> application "lie" to the proxy saying that it is SSL when it is not in order
> to prevent the proxy from fully inspecting the packets. So SSL is limited
> to 443.
>
> You have to hack ISA with a script to get it to allow SSL on other ports.
>
> 283284 - Blank Page or Page Cannot Be Displayed When You View SSL Sites
> Through ISA Server
> http://support.microsoft.com/default.aspx?scid=kb;en-us;283284
>
>
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/ISA2004_AccessRules.html
>
> Microsoft Internet Security & Acceleration Server: Guidance
> http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
> http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
>
> Deployment Guidelines for ISA Server 2004 Enterprise Edition
> http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
> -----------------------------------------------------
>
>
>
> "BigMike3d" <BigMike3d@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:6A9CD9B6-B1BC-458E-A68D-C25993E55E0E@xxxxxxxxxxxxxxxx
> > I have ISA Server 2004. I've set up my rules to allow the Cisco VPN Client to
> > connect through the ISA Server which it does successfully.
> >
> > There is a secured web page that we are trying to access that uses port
> > 8080. Outside of the ISA Server it works great, but behind the firewall we
> > get a "failed communication" error in the firewall log of ISA Server.
> >
> > We are not using the Firewall Client when attempting to do this and have
> > tried SecureNAT and the Web Proxy, neither have worked. Thus my dilemma.
> >
> > Any ideas?
>
>
>