Re: Webvpnportforward
- From: "Phillip Windell" <philwindell@xxxxxxxxxxx>
- Date: Fri, 11 Jan 2008 10:07:31 -0600
If it is all SSL from ISA's "perspective" and if this is using a Java Applet
then the only thing I can think of is to make the Java JRE "proxy agnostic"
and let the Firewall Client handle the interaction with the ISA.
Open the JRE Control Applet (in Windows Control Panel) and go to the
Networking section of it an configure it to not use a proxy, and not use the
browser's settings. Just tell it to use a Direct Connection (or whatever
terminology they are using).
Then be sure the Firewall Client is installed on the workstation and that
the user has an Access Rule allowing them to use SSL.
Hopefully they are running SSL on the standard 443 port.
If nothing else it will give you a much "cleaner" situation to troubleshoot
from without having to deal with the JRE's ability (or lack there of) to
interact with the proxy.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
"Kevin Longley" <kwlongley@xxxxxxxxxxxxxx> wrote in message
news:up$uGv%23UIHA.5596@xxxxxxxxxxxxxxxxxxxxxxx
A little more research and they are doing an SSL Vpn. I can find
information
on the topic but not anything helpful yet. Basically you connect to a web
site using ssl and then a java app attempts a vpn inside the ssl tunnel -
I
think. When this occurs the local hosts file is copied out to another name
and then a new hosts file is created with entries like:
127.0.0.2 usdvrts01.abiomed.com # added by WebVpnPortForward at Thu Jan 10
18:19:03 EST 2008
127.0.0.2 usdvrts01 # added by WebVpnPortForward at Thu Jan 10 18:19:03
EST
2008
127.0.0.3 usdvrsapdev02.abiomed.com # added by WebVpnPortForward at Thu
Jan
10 18:19:03 EST 2008
127.0.0.3 usdvrsapdev02 # added by WebVpnPortForward at Thu Jan 10
18:19:03
EST 2008
127.0.0.4 usdvrsaperp # added by WebVpnPortForward at Thu Jan 10 18:19:03
EST 2008
127.0.0.4 usdvrsaperp.abiomed.com # added by WebVpnPortForward at Thu Jan
10
18:19:03 EST 2008
127.0.0.5 usdvrsapsol # added by WebVpnPortForward at Thu Jan 10 18:19:03
EST 2008
127.0.0.5 usdvrsapsol.abiomed.com # added by WebVpnPortForward at Thu Jan
10
18:19:03 EST 2008
127.0.0.6 usdvrsapqas # added by WebVpnPortForward at Thu Jan 10 18:19:03
EST 2008
127.0.0.6 usdvrsapqas.abiomed.com # added by WebVpnPortForward at Thu Jan
10
18:19:03 EST 2008
These entries eventually auto populate inside a Java window. Beyond that I
can't make sense out of what I see in the Web Proxy or Firewall logs. Here
is an article on the technology.
http://www.vpntools.com/vpntools_articles/about-sslvpn.htm
----- Original Message -----
From: "Phillip Windell" <philwindell@xxxxxxxxxxx>
Newsgroups: microsoft.public.isa
Sent: Thursday, January 10, 2008 3:06 PM
Subject: Re: Webvpnportforward
Hi Kevin,
I have never heard of it either. How much can you tell about it?
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or
Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
"Kevin Longley" <kwlongley@xxxxxxxxxxxxxx> wrote in message
news:uGf4nYwUIHA.3556@xxxxxxxxxxxxxxxxxxxxxxx
I have a customer who is requiring us to use a Webvpnportforward
connection to an internal site at their company. I am not familiar with
this and have not been able to get it to work properly through Isa 2006.
I know the technology is based on Java. Does anyone have any experience
with this or can you offer any suggestions?
"Phillip Windell" <philwindell@xxxxxxxxxxx> wrote in message
news:%23wMO6R8UIHA.5980@xxxxxxxxxxxxxxxxxxxxxxx
Hi Kevin,
I have never heard of it either. How much can you tell about it?
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or
Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
"Kevin Longley" <kwlongley@xxxxxxxxxxxxxx> wrote in message
news:uGf4nYwUIHA.3556@xxxxxxxxxxxxxxxxxxxxxxx
I have a customer who is requiring us to use a Webvpnportforward
connection to an internal site at their company. I am not familiar with
this and have not been able to get it to work properly through Isa 2006.
I know the technology is based on Java. Does anyone have any experience
with this or can you offer any suggestions?
.
- Follow-Ups:
- Re: Webvpnportforward
- From: Kevin Longley
- Re: Webvpnportforward
- References:
- Webvpnportforward
- From: Kevin Longley
- Re: Webvpnportforward
- From: Phillip Windell
- Re: Webvpnportforward
- From: Kevin Longley
- Webvpnportforward
- Prev by Date: Re: one way or two way
- Next by Date: Re: one way or two way
- Previous by thread: Re: Webvpnportforward
- Next by thread: Re: Webvpnportforward
- Index(es):
Relevant Pages
|
