RE: 504 Proxy timeout only with SSL traffic



Hi David,

I just saw your post now. I am going to try the tests and then I will let you
know what happens. Thanks again for your help.

David

"David Maskell - BUI" wrote:

Ok, more questions for you :)

Do you forward your proxy traffic, i.e. using Web Chaining Rules to access the
internet?

From what you are describing, the DMZ network is considered External to the
Inside firewall, this may have an effect when you access the DMZ. I assume
you have rules in place to allow the internal network to external on HTTPS?
And can access all other HTTPS sites on the internet?

Otherwise, if you are NOT using Web Chaining in the config;

Can you test something please? Just as a very simple test, create a rule
that allows access to the DMZ HTTPS like this:

Source: Internal
Destination: IP of HTTPS Site
Users: All Users

Disable proxy on your browser and see if it works. If it does, that means
that there may be something wrong with the proxy engine on the ISA, but I
can't tell for sure, will you be able to test this? Another thing, can you
access the site using IP instead of hostname?
--
David Maskell - BUI
MCSE:Security,Messaging, CISSP.
http://www.bui.co.za


"Always remember to rate the posts!"


"bluenetadmin" wrote:

Hi David,

The internal ISA Server has two NICs, one assigned to the internal network
and one assigned to the DMZ network.

The external ISA has two NICs, one assigned to the DMZ and one assigned to
the internet.

The network rules I am not sure what you mean exactly but under network
configuration I have an internal network with the 192.x.x.x and a VLAN setup
for phone system access but the DMZ is not part of this nor is it visible as
a separate or distinct configuration.


"David Maskell - BUI" wrote:

Ok, a few questions:

Are the Internal and DMZ networks separated within ISA with two different
network objects? Or are they both internal?

What are the network rules between the two networks? NAT/Route?

Does your ISA Server have 3x NICs, i.e. one for external, one for DMZ and one
for Internal?


--
David Maskell - BUI
MCSE:Security,Messaging, CISSP.
http://www.bui.co.za


"Always remember to rate the posts!"


"bluenetadmin" wrote:

Hi,

Here is a little more detail on the problem. The webserver sits within our
DMZ and externally anyone can hit the website and all pages whether normal or
secure come up properly. It is only from within the inside that we are
encountering a problem getting to the secure (SSL) Pages.

We have two ISA 2004 Servers both at same level of service packs which is
SP3 for ISA Server 2004 and SP1 for Windows 2003 server.

One thought I had is perhaps it is seeing it on the same network but they
are clearly on different networks. The internal is using a 192 scheme and
the DMZ is using a 10. scheme

This problem only came about after applying service pack 2 for ISA 2004 and
then in thinking that it was a bug I proceeded to apply sp3 to the same
server for ISA 2004.

Thanks for your help

David


"David Maskell - BUI" wrote:

Hi,

This sounds like a very strange problem, it's a bit unusual that you can
access the HTTP but not HTTPS pages, can you access the HTTPS pages directly
on the server? Have you checked the IIS Settings?

If the web server works on itself, ie browsing to the localhost, then it may
have something to do with how the proxy is set up, although, in my honest
opinion, it seems to be more the web server than ISA.

Can you access HTTPS pages locally on the webserver is what we need to look
at first?

--
David Maskell - BUI
MCSE:Security,Messaging, CISSP.
http://www.bui.co.za


"Always remember to rate the posts!"


"bluenetadmin" wrote:

Hi, I am hoping that someone can help me. We have been running ISA Server
2004 for some time and then we had a problem with email so I decided to go to
service pack 2 for ISA 2004 server and I started to get this error mentioned
below. I figured perhaps if I went to the next service pack which is SP3 it
might go away and it has not resolved it yet. I am trying to access https
pages on a webserver that is located on our DMZ. I am able to reach the
webserver pages that are not secure pages but once I try to go to the secure
pages it results in this error mentioned below. I have searched all over the
web for a possible fix and I have not been able to figure this out. Any help
would be appreciated. Thanks

Network Access Message: The page cannot be displayed

Technical Information (for Support personnel)
Error Code: 504 Proxy Timeout. The connection timed out. For more
information about this event, see ISA Server Help. (10060)
IP Address: xxx.xxx.xxx
Date: 9/17/2007 5:36:34 PM
Server: server.at.work
Source: proxy

