Re: VPN clients can't access internal web sites

From: "Kevin Longley" <kwlongley@xxxxxxxxxxxxxx>
Date: Thu, 14 Feb 2008 20:27:52 -0500

There was an ms kb that stated the solution which I can't locate now. Here are my notes on what I did based on the article.

Create custom http protocol:

Name: Http Vpn
Port Range: 80
Protocol Type: Tcp
Direction: Outbound
Application Filters: None

(This custom protocol will be used by vpn clients for accessing internal and external websites. This is required because the standard http protocol is linked to the web proxy filter which if used will prevent the vpn client access from working when using http.)

Create the following access rules order like below and ordered above any other rules that allow vpn access which uses the defined http protocol.:

Name: Allow Traffic from Vpn Clients
Protocols: All outbound traffic except Http
From: Vpn clients
To: Internal, External
Users: All Users

Name: Deny Http Http protocol from Vpn Clients
Protocols: Selected protocols - Http
From: Vpn clients
To: Internal, External
Users: All Users

"Tim Schwab" <tss-x@xxxxxxxxxxxxxxxxx> wrote in message news:uz05VvkbIHA.5128@xxxxxxxxxxxxxxxxxxxxxxx

Hi. I have ISA 2K6 installed on Windows 2K3-R2. I have also installed the Supportability Update Package (939455).

When connecting with the MS VPN client, everything seems ok, with one exception:

When I try to view web sites on the Internal network, I receive "Error Code: 500 Internal Server Error. The pipe is being closed. (232)". This only happens with web sites running on port 80. Internal web sites on other ports work fine.

I can ping the web servers; I can browse the network neighborhood. There are no corresponding "denied" entries in the real-time monitor. My access rule allows "All Outbound Traffic" from the "VPN Clients" network to "Local Host" and "Internal"

- Tim

References:
- VPN clients can't access internal web sites
  - From: Tim Schwab

Prev by Date: Is HTTPS-HTTPS bridging buffered?
Next by Date: Re: Webvpnportforward
Previous by thread: VPN clients can't access internal web sites
Next by thread: 252 wpad test on on client
Index(es):
- Date
- Thread

Relevant Pages

Re: Web Proxy Filter exception not working
... Allow all traffic but HTTP between all protected networks and the ... Unrestricted internet access between all protected networks and the ... The unfiltered protocol is denied so all other HTTP traffic still uses ... The intial connection to the MetroList site uses my unfiltered protocol. ...
(microsoft.public.isa.configuration)
Re: Is HTTP an Async Protocol
... If you say that HTTP is 3 layers, which is true in one sense, ... TCP/IP is an asynchronous protocol (like most ... > network protocols). ... >> "asynch" is a term related to programming. ...
(microsoft.public.dotnet.framework.aspnet)
Re: Is HTTP an Async Protocol
... Long answer: HTTP is a protocol. ... "asynch" is a term related to programming. ... A protocol is a standard for communication. ...
(microsoft.public.dotnet.framework.aspnet)
Re: help abt HTTP protocol !
... >> HTTP protocol connection, as HTTP itself and not any other protocol. ... > The HTTP request could be sent one byte at a time, ... > hundreds of packets. ...
(comp.security.firewalls)
ISA 2004: Denied connection due to tcp high ports..
... From/Listener: VPN Clients ... To: ServerA ... I have created a new protocol where the TCP port number is 8110 and the ...
(microsoft.public.isa)