Re: https - Denied Connection - Default rule - anonymous
- From: ITConsultant <ITConsultant@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 16 Nov 2006 16:03:01 -0800
Well the problem is that even if I specify the access rule to allow https
traffic "anywhere" inside, I still get the error. What's also interesting is
that I do get two https actions through. An "Initiated Connection" and a
"Closed Connection". So basically from the outside I can get to the site,
accept the cert, but I get a page with the error 403 forbidden (12202). And
yes, internally I can access the mail server directly using SSL.
Any other ideas?
Thanks,
Roy
"Phillip Windell" wrote:
"ITConsultant" <ITConsultant@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message.
news:D76E7FB8-9C4D-4ACA-8FB8-8F168AB9E72E@xxxxxxxxxxxxxxxx
I just set up ISA 2006 (Edge Firewall config) on Windows Server 2003 and am
configuring OWA access just for starters. Besides the default rule, I used
the OWA wizard to set up access to our internal mail server.
The Default Rule is a "Deny everything no matter what" Rule. So you have to
have Access Rules that actually allow something. Keep in mind that
Publishing Rules are for inbound from the outside,...Access Rules are
outbound from the inside.
keep getting an https denied connection whether I try to access the server
on
the internal or external interface. I'm sure this may be a simple fix, but
I've tried all I can think of.
The internal interface should never be relevant. The Publishing Rule should
use "External" as the Source (From). When accessing any internal resource
(like OWA) from a machine already on the LAN you will go directly to the
destination and not use ISA.
For OWA,...verify that OWA works at all to begin with by going directly to
it from the inside. In the case of SSL you have to use the same domain name
that matches the Common Name in the Certificate,...so if this is an
internal-to-internal situation, then you have to make sure the URL resolves
properly to the normal IP# of the Exchange box and not the Public IP on the
Internet.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
The views expressed are my own (as annoying as they are), and not those of
my employer or anyone else associated with me.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
-----------------------------------------------------
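
Added example, not part of the original thread: a small offline check of the two conditions the reply gives for testing OWA over SSL from inside the LAN, namely that the host in the URL matches the certificate's Common Name and that it resolves to the Exchange server's internal address. The host names, addresses and function names are constructed for illustration; the DNS answers are passed in rather than looked up.

```python
import ipaddress
from urllib.parse import urlsplit

def cn_matches(hostname, common_name):
    """Case-insensitive CN match; '*' is accepted only as the whole left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    cn = common_name.lower().rstrip(".").split(".")
    if len(host) != len(cn):
        return False
    if cn[0] == "*":
        # Refuse wildcards that would cover a whole top-level domain (e.g. *.com).
        return len(cn) > 2 and host[1:] == cn[1:]
    return host == cn

def check_internal_owa(url, cert_cn, resolved_ips, exchange_ip):
    """Return findings for an inside-the-LAN OWA test; an empty list means both checks pass."""
    findings = []
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "https":
        findings.append("URL is not https")
    if not cn_matches(host, cert_cn):
        findings.append(f"host '{host}' does not match certificate CN '{cert_cn}'")
    expected = ipaddress.ip_address(exchange_ip)
    if not resolved_ips:
        findings.append(f"host '{host}' does not resolve")
    for raw in resolved_ips:
        addr = ipaddress.ip_address(raw)
        if addr != expected:
            findings.append(f"host '{host}' resolves to {addr}, expected {expected}")
    return findings

if __name__ == "__main__":
    # Constructed sample values: certificate CN, internal Exchange IP, DNS answers.
    cases = [
        ("https://mail.example.com/exchange", ["192.168.1.10"]),  # split DNS in place
        ("https://mail.example.com/exchange", ["203.0.113.25"]),  # public record answered
        ("https://exch01/exchange", ["192.168.1.10"]),            # short name, CN mismatch
    ]
    for url, answers in cases:
        result = check_internal_owa(url, "mail.example.com", answers, "192.168.1.10")
        print(url, answers, "->", result or "OK")
```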