Re: HTTPS Using Web Proxy

The ISA log displays the following on the error.
Dest IP = 209.175.177.100
Dest Port = 444
Protocol = SSL-tunnel
Action = Failed Connection Attempt
Rule = Regular Access
Client IP = 10.10.112.100
client Username = anonymouis
Source Network = Internal
Destination Network = Externall
HTTP Method =
URL = www.ileas.org:444

I created a HTPPS 444 protocol set to TCP port 444 and assigned it to my
internet access rule. This did not change the problem.

Thanks Ken

"Kevin Longley" wrote:

When the failure occurs what rule is referenced in the isa logs?

"Ken" <kend@xxxxxxxxxxxxxxxxx> wrote in message
news:6D3F9460-2772-4D6A-ACE4-9F560C98BC9D@xxxxxxxxxxxxxxxx
We are useing version 4 FWC, I ment to tell you that in my last message
and
forgot.
Ken

"Kevin Longley" wrote:

In your test were you using the fwc?
"Ken" <kend@xxxxxxxxxxxxxxxxx> wrote in message
news:3A21AC38-477F-499B-8A5C-5A72508AAE0C@xxxxxxxxxxxxxxxx
The same as Ted, Direct Access did not help fix the problem. I put the
domain
*.ileas.org into the domain tab of my internal network and still got
the
504
error.
What I am doing is accessing Web site www.iema.org and selecting "iesma
secured website login" that tries to go
https://www.ileas.org:444/_iesma/_membership/_membermain/loginselectagency.php.
At first I was getting a error code: 502 Proxy Error and fixed that by
creating a new tunnel port range. Now I am getting the error code 504:

Thanks
Ken

"Kevin Longley" wrote:

A simple way of testing if direct access will solve the issue is by
disabling the web proxy client on the local computer, within ie, and
then
install the firewall client. If you can then access the website
proceed
with
configuring the site for direct access on the isa server. This is done
on
the properties of the internal network object-web browser tab.

"Ken" <kend@xxxxxxxxxxxxxxxxx> wrote in message
news:6225ABB8-89FB-4B28-9C9C-E407B353D57E@xxxxxxxxxxxxxxxx
I am having the same problem. What do you mean when you say direct
access?

Thanks Ken

"Kevin Longley" wrote:

I can't say. All I know that in my experience I have found several
https
sites that had to be configured for direct access otherwise they
would
exhibit the same symptoms that you described. I would experiment
with
a
couple of the sites using the direct access method.

<williams.ted@xxxxxxxxx> wrote in message
news:1164874666.025143.286050@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
It seems to be happening on every HTTPS Site and I noticed it's
not
triggering any rules surely this is a problem with the
configuration
of
the ISA Server and not the website I'm trying to access?

Cheers

Kevin Longley wrote:

Some https sites will only work correctly if you configure them
for
direct
access.

<williams.ted@xxxxxxxxx> wrote in message
news:1164815630.505278.84700@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi Everyone,
I've just setup my ISA server's web proxy and tested it by
changing
my
web browser LAN settings to point to the ISA server.
Everything
is
working well on normal http traffic it records username and
the
website
they are visiting but when it comes to https traffic I get an
error
message in the web browser:

Network Access Message: The page cannot be displayed
Technical Information (for Support personnel)
Error Code: 504 Proxy Timeout. The connection timed out.
(10060)
IP Address: xxx.xxx.xxx.xxx
Date: 29/11/2006 15:14:12 [GMT]
Server: isa.mydomain.com
Source: proxy

I've played around with some settings but I can't get it to
work.
Settings I've tried include:
On the internal network properties / Web proxy page I enabled
SSL
on
port 8443,
I added HTTPS to the same rule as HTTP is working on; I've
tried
enabling the web proxy filter in the application filters part
of
the
HTTPS Protocol,
In Internet Explorer I've unchecked Use Same Proxy Server for
All
Protocols and changed the Secure setting to use port 8443
But still no luck.
When I look in the logs for normal HTTP that works I get first
line
says:

8080 http Denied connection Anonymous
http://www.website.com HTTP/HTTPS Rule
80 http Allowed Connection MyUserName
http://www.website.com HTTP/HTTPS Rule
8080 http proxy Initiate Connection
No Rule

More or Less and that works fine
But when i try to connect to a website using HTTPS the log
looks
like
this:

443 https initiate connection
No Rule
443 https Close connection
No Rule

Has Anyone got any suggestions I could try
Oh yeah I'm using ISA Standard 2006

Many thanks in advance














.

Relevant Pages

  • Re: ISA 2004 Server Errors
    ... Tunneling SSL Through a WWW Proxy ... CONNECT is really a lower-level function than the rest of the HTTP methods, ... Through ISA Server ...
    (microsoft.public.isa)
  • Re: Fehlercode 502
    ... Wenn ich den Proxy umgehe, ... In der ISA Server Hilfe habe ich leider keine Infos gefunden, ... Gruß Detlef ... >> Port 8443). ...
    (microsoft.public.de.german.isaserver)
  • Re: change ISA IP address
    ... to answer your question you cannot "instruct" ISA to function on some ... if you want to use Proxy Autodetect with a WPAD entry published ... then your PAC (proxy autoconfig) file needs to be published on ... > port 80, as WPAD in DNS does NOT allow specifying a custom port like WPAD in ...
    (microsoft.public.isa)
  • Re: How to allow outgoing HTTPS from 3rd party application
    ... Using proxy will be easiest method. ... All you need to configure ion ISA is ... and the order acknowldegement comes back in the HTTP Content. ... other words it builds an SSL link and runs HTTP over this link. ...
    (microsoft.public.isaserver)
  • Re: Webproxy Konfiguration auf einem ISA 2006 Standard
    ... Dann geht es auch ohne Proxy ... ISA Server als Ziel. ... Freigegeben sind Port 80/443/8080. ... laut Log der Zugriff auf Autodiscover und den Webproxy Zugriff. ...
    (microsoft.public.de.german.isaserver)