Welcome to ISAserver.org

2 way authenticated SSL "pass through" on ISA 2004 ?

2 way authenticated SSL "pass through" on ISA... - 28.Jul.2009 9:15:21 PM   
arothwel

 

Posts: 2
Joined: 28.Jul.2009
Status: offline
Hi guys,

Got a prospect who owns one of these ISA 2004 devices. I'm totally unfamiliar with them, so apologies if my question appears ignorant.

My company has built credit card terminals that forward financial transactions to our transaction switches via 2-way authenticated SSL sessions.

Unfortunately, the prospect has an ISA 2004 in the perimeter of their network, and it prevents successful SSL session establishment from the credit card terminal to the transaction switch.

Couple of points:

a. SSL bridging to occur for two primary reasons:
i) This would contravene Payment Card Industry (PCI) rules, because various private keys would need to be loaded onto the device, and
ii) The number of certificates that would require managing on the ISA would be ridiculous.
b. SSL tunneling won't work because our SSL traffic is not wrapped in HTTP request/response messages. Right?

So, is there a way to allow straight SSL traffic to pass through the ISA?

Thanks in advance,
Andrew.
Post #: 1
RE: 2 way authenticated SSL "pass through" on... - 28.Jul.2009 9:17:08 PM   
arothwel

 

Posts: 2
Joined: 28.Jul.2009
Status: offline
Meant to say SSL bridging won't work because of reasons i) & ii) mentioned.

Sorry for the muddle.

Andrew.

(in reply to arothwel)
Post #: 2
RE: 2 way authenticated SSL "pass through" on... - 29.Jul.2009 1:01:34 PM   
richardhicks

 

Posts: 477
Joined: 20.Jan.2009
From: Southern California
Status: offline
You can always tunnel SSL encrypted traffic through the ISA firewall. You can only do this on specific ports, however; 443 and 563 by default. If your application is using ports other than these you'll need to configure the firewall to allow that traffic by using this script from ISATools.Org...

http://www.isatools.org/tools/isa_tpr.js


_____________________________

Richard Hicks - Forefront MVP
http://tmgblog.richardhicks.com/
http://directaccess.richardhicks.com/

(in reply to arothwel)
Post #: 3
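
A sketch of the port check described in the reply above, as an added example that is not part of the thread and is not code from ISA Server or isa_tpr.js: a web proxy that receives an HTTP CONNECT request opens the tunnel only when the target port falls inside its allowed tunnel port ranges, then relays the TLS bytes untouched. The host name, port 8443 and the 403 status for a refused port are assumptions.

```python
# Added illustration; not ISA Server code and not the isa_tpr.js script.
from typing import List, Tuple

# Defaults named in the reply above: 443 and 563.
DEFAULT_TUNNEL_PORT_RANGES: List[Tuple[int, int]] = [(443, 443), (563, 563)]


def parse_connect(request_line: str) -> Tuple[str, int]:
    """Parse 'CONNECT host:port HTTP/1.x' and return (host, port)."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0].upper() != "CONNECT":
        raise ValueError("not a CONNECT request")
    if not parts[2].startswith("HTTP/1."):
        raise ValueError("unsupported HTTP version")
    host, sep, port_text = parts[1].rpartition(":")
    if not sep or not host or not port_text.isdigit():
        raise ValueError("CONNECT target must be host:port")
    port = int(port_text)
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    return host, port


def tunnel_decision(request_line, allowed=DEFAULT_TUNNEL_PORT_RANGES) -> str:
    """Return the status line a proxy with this port policy would send."""
    try:
        _host, port = parse_connect(request_line)
    except ValueError:
        return "HTTP/1.1 400 Bad Request"
    if any(low <= port <= high for low, high in allowed):
        # From here on the proxy only relays bytes; the TLS handshake,
        # including the client certificate, stays end to end.
        return "HTTP/1.1 200 Connection established"
    # Status code is an assumption; the page does not say what ISA returns.
    return "HTTP/1.1 403 Forbidden"


if __name__ == "__main__":
    # Constructed sample requests; switch.example.test is a placeholder host.
    widened = DEFAULT_TUNNEL_PORT_RANGES + [(8443, 8443)]
    for line in ("CONNECT switch.example.test:443 HTTP/1.1",
                 "CONNECT switch.example.test:8443 HTTP/1.1"):
        print(line, "->", tunnel_decision(line), "|", tunnel_decision(line, widened))
```

Because the proxy never terminates TLS in this mode, no server or client private keys have to be loaded onto it, which is the constraint the original poster raised about bridging.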
