Re: HTTPS Using Web Proxy
- From: "Kevin Longley" <kwlongley@xxxxxxxxxxxxxx>
- Date: Fri, 8 Dec 2006 16:19:16 -0500
I am running out of ideas.
Try as a securnat client with both the web proxy and fwc disabled. Make sure
you have a rule that allows anonymous access to the web site, above your
other allow rules. This is really another direct access approach.
"Ken" <kend@xxxxxxxxxxxxxxxxx> wrote in message
news:5DA53B45-B361-4E52-9582-E0C8415A8AE7@xxxxxxxxxxxxxxxx
The ISA log displays the following on the error.
Dest IP = 209.175.177.100
Dest Port = 444
Protocol = SSL-tunnel
Action = Failed Connection Attempt
Rule = Regular Access
Client IP = 10.10.112.100
client Username = anonymouis
Source Network = Internal
Destination Network = Externall
HTTP Method =
URL = www.ileas.org:444
I created a HTPPS 444 protocol set to TCP port 444 and assigned it to my
internet access rule. This did not change the problem.
Thanks Ken
"Kevin Longley" wrote:
When the failure occurs what rule is referenced in the isa logs?
"Ken" <kend@xxxxxxxxxxxxxxxxx> wrote in message
news:6D3F9460-2772-4D6A-ACE4-9F560C98BC9D@xxxxxxxxxxxxxxxx
We are useing version 4 FWC, I ment to tell you that in my last
message
and
forgot.
Ken
"Kevin Longley" wrote:
In your test were you using the fwc?
"Ken" <kend@xxxxxxxxxxxxxxxxx> wrote in message
news:3A21AC38-477F-499B-8A5C-5A72508AAE0C@xxxxxxxxxxxxxxxx
The same as Ted, Direct Access did not help fix the problem. I put
the
domain
*.ileas.org into the domain tab of my internal network and still got
the
504
error.
What I am doing is accessing Web site www.iema.org and selecting
"iesma
secured website login" that tries to go
https://www.ileas.org:444/_iesma/_membership/_membermain/loginselectagency.php.
At first I was getting a error code: 502 Proxy Error and fixed that
by
creating a new tunnel port range. Now I am getting the error code
504:
Thanks
Ken
"Kevin Longley" wrote:
A simple way of testing if direct access will solve the issue is by
disabling the web proxy client on the local computer, within ie,
and
then
install the firewall client. If you can then access the website
proceed
with
configuring the site for direct access on the isa server. This is
done
on
the properties of the internal network object-web browser tab.
"Ken" <kend@xxxxxxxxxxxxxxxxx> wrote in message
news:6225ABB8-89FB-4B28-9C9C-E407B353D57E@xxxxxxxxxxxxxxxx
I am having the same problem. What do you mean when you say direct
access?
Thanks Ken
"Kevin Longley" wrote:
I can't say. All I know that in my experience I have found
several
https
sites that had to be configured for direct access otherwise they
would
exhibit the same symptoms that you described. I would experiment
with
a
couple of the sites using the direct access method.
<williams.ted@xxxxxxxxx> wrote in message
news:1164874666.025143.286050@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
It seems to be happening on every HTTPS Site and I noticed
it's
not
triggering any rules surely this is a problem with the
configuration
of
the ISA Server and not the website I'm trying to access?
Cheers
Kevin Longley wrote:
Some https sites will only work correctly if you configure
them
for
direct
access.
<williams.ted@xxxxxxxxx> wrote in message
news:1164815630.505278.84700@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi Everyone,
I've just setup my ISA server's web proxy and tested it by
changing
my
web browser LAN settings to point to the ISA server.
Everything
is
working well on normal http traffic it records username and
the
website
they are visiting but when it comes to https traffic I get
an
error
message in the web browser:
Network Access Message: The page cannot be displayed
Technical Information (for Support personnel)
Error Code: 504 Proxy Timeout. The connection timed out.
(10060)
IP Address: xxx.xxx.xxx.xxx
Date: 29/11/2006 15:14:12 [GMT]
Server: isa.mydomain.com
Source: proxy
I've played around with some settings but I can't get it to
work.
Settings I've tried include:
On the internal network properties / Web proxy page I
enabled
SSL
on
port 8443,
I added HTTPS to the same rule as HTTP is working on; I've
tried
enabling the web proxy filter in the application filters
part
of
the
HTTPS Protocol,
In Internet Explorer I've unchecked Use Same Proxy Server
for
All
Protocols and changed the Secure setting to use port 8443
But still no luck.
When I look in the logs for normal HTTP that works I get
first
line
says:
8080 http Denied connection Anonymous
http://www.website.com HTTP/HTTPS Rule
80 http Allowed Connection MyUserName
http://www.website.com HTTP/HTTPS Rule
8080 http proxy Initiate Connection
No Rule
More or Less and that works fine
But when i try to connect to a website using HTTPS the log
looks
like
this:
443 https initiate connection
No Rule
443 https Close connection
No Rule
Has Anyone got any suggestions I could try
Oh yeah I'm using ISA Standard 2006
Many thanks in advance
.
- References:
- HTTPS Using Web Proxy
- From: williams . ted
- Re: HTTPS Using Web Proxy
- From: Kevin Longley
- Re: HTTPS Using Web Proxy
- From: williams . ted
- Re: HTTPS Using Web Proxy
- From: Kevin Longley
- Re: HTTPS Using Web Proxy
- From: Ken
- Re: HTTPS Using Web Proxy
- From: Kevin Longley
- Re: HTTPS Using Web Proxy
- From: Ken
- Re: HTTPS Using Web Proxy
- From: Kevin Longley
- Re: HTTPS Using Web Proxy
- From: Ken
- Re: HTTPS Using Web Proxy
- From: Kevin Longley
- Re: HTTPS Using Web Proxy
- From: Ken
- HTTPS Using Web Proxy
- Prev by Date: Re: Network Problem
- Next by Date: Upgraded to ISA 2006 from ISA 2004, now Office communicator no longer worsk
- Previous by thread: Re: HTTPS Using Web Proxy
- Next by thread: Re: isa 2006, same physical network segment, RDP
- Index(es):
Relevant Pages
|
Loading
