Welcome to ISAserver.org
502 Proxy Error. The network connection was aborted by the local system. (1236)
502 Proxy Error. The network connection was aborted by ... - 23.Jan.2008 2:18:28 PM
leedx
Posts: 2
Joined: 23.Jan.2008
Status: offline
Hi, I am running ISA Standard server with SP3 on a 2003 box. I recently switched over to the proxy service in order to better control my users. I have enabled some website blocking by DNS name and some content type filtering. I have not seen many issues except that as of yesterday I cannot access www.fedex.com without receiving "502 Proxy Error. The network connection was aborted by the local system. (1236)" as an error message. This message occurs regardless of whether I have the client use the web proxy or not, but in the ISA logs and in the web browser it lists it as a proxy error. I tried making a new rule allowing all outbound traffic for a specific IP address with no other restrictions and I still am receiving this error. Any ideas would be greatly appreciated. The odd thing is the ISA logs don’t show the client as trying to use SecureNAT but the web proxy when I try to access fedex.com.

Thanks
Lee
RE: 502 Proxy Error. The network connection was aborted... - 23.Jan.2008 4:33:03 PM
Rotorblade
Posts: 1002
Joined: 27.Feb.2007
Status: offline
Sounds like you have some rule issues and/or order issues in your ISA FW policy that are possibly blocking the requests. You mentioned you were also using SecureNAT. There are a few things to know about SecureNAT clients.

1. SecureNAT clients cannot authenticate, so if you have placed any rules that require authentication (that also goes for using the “Require all users to authenticate” on the web proxy itself, which should not be used anyway) above any anonymous access rules, you're going to have issues.

2. DNS is also an issue with SecureNAT clients. DNS is handled by the client and not by the ISA FW. If you were using the Firewall client, ISA would handle this for you.

I would consider removing the SecureNAT access and going with the Firewall client/Web Proxy client as an option. You can also create a new anonymous access rule and make sure the rule is placed in the proper order in your FW policy.

HTH
RB
_____________________________
David Melvin Ohio MCSE: Security 2003, MCSA:Security 2003
RE: 502 Proxy Error. The network connection was aborted... - 23.Jan.2008 4:46:51 PM
leedx
Posts: 2
Joined: 23.Jan.2008
Status: offline
Thanks for the reply, and I wanted to post an update. I ran into the issues you mention about SecureNAT in the past. I am positive that all the rules that require authentication are lower in order than the SecureNAT rules. I even tried making a new rule that allowed all outgoing traffic from one IP address on my internal network and I still received the same error using SecureNAT. The IP addresses are correct because I tested them using dnstuff.com. I even tried the IP addresses themselves and they give the same result. I also know this used to work.

I called FedEx and I guess they did a large overhaul of their website over the weekend and a lot of people are having issues with it. I noticed parts of their website work for me. I can go to http://news.van.fedex.com/ directly and about half the links work and half give me a 502 error. Any other ideas would be helpful.

The fedex.com site is up for some people. I can connect to it from a Mac laptop using a Verizon wireless card with no issues, which made me think the issues are all at my end. This was before talking to FedEx tech support.
RE: 502 Proxy Error. The network connection was aborted... - 23.Jan.2008 6:36:26 PM
Rotorblade
Posts: 1002
Joined: 27.Feb.2007
Status: offline
Thanks for the update. I had no issues accessing the FedEx site. One thing that you should consider is basing your access rules on the FQDN of the destination target in a Domain or URL set instead of using an IP address (unless you need to block the actual IP). IPs can change without notice and it’s best to let your DNS sort that out.

HTH
RB
_____________________________
David Melvin Ohio MCSE: Security 2003, MCSA:Security 2003