Welcome to ISAserver.org

502 Proxy Error w/ web chaining to upstream

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 Firewall] >> General >> 502 Proxy Error w/ web chaining to upstream

Page: [1]

Message

<< Older Topic Newer Topic >>

502 Proxy Error w/ web chaining to upstream - 23.Sep.2008 10:07:26 AM

Finkenstein

Posts: 13
Joined: 3.Apr.2008
Status: offline

Hello,

I have an issue with a site we access using a web chaining rule to link to an upstream proxy server.

Here is the issue... when going to the site, the users receive the message:

Error Message Network Access Message: The page cannot be displayed Technical Information (for Support personnel)

Error Code: 502 Proxy Error. The ISA Server denied the specified Uniform Resource Locator (URL). (12202) IP Address: x.x.x.x Date: 9/23/2008 1:46:30 PM [GMT] Server: servername.domain.com Source: proxy
This site is an https://

When I turn on logging, I see that it is being blocked by our Default Enterprise rule of Deny all traffice. What I don't understand is why it would be blocked if we have a firewall policy rule allowing internet access to FTP Server, FTP, HTTP, HTTPS Server, and HTTPS.

I cannot allow direct access to this site because you need to go through our proxy to be routed to the upstream server and visit the site.

Does anyone have any suggestions?

Post #: 1

Featured Links*

RE: 502 Proxy Error w/ web chaining to upstream - 25.Sep.2008 11:37:23 AM

Finkenstein

Posts: 13
Joined: 3.Apr.2008
Status: offline

Here is some additional information... I may not have to do with the route to the upstream... it may be a port or protocol, however I thought everything was allowed. Here is the error I get:

Denied Connection SERVERNAME 9/25/2008 11:30:53 AM
Log type: Web Proxy (Forward)
Status: 12202 The ISA Server denied the specified Uniform Resource Locator (URL).
Rule: [Enterprise] Default rule
Source: Internal (my ip)
Destination: External (proxyserver ip:443)
Request: extranet.sitename.com:443
Filter information: Req ID: 069d6c3a; Compression: client=No, server=No, compress rate=0% decompress rate=0%
Protocol: SSL-tunnel
User: anonymous
Additional information
Client agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2)
Object source: Internet (Source is the Internet. Object was added to the cache.)
Cache info: 0x0
Processing time: 0 ms
MIME type:

Any help is appreciated.

< Message edited by Finkenstein -- 25.Sep.2008 11:39:01 AM >

(in reply to Finkenstein)

Post #: 2

RE: 502 Proxy Error w/ web chaining to upstream - 25.Sep.2008 1:33:01 PM

Finkenstein

Posts: 13
Joined: 3.Apr.2008
Status: offline

Ok... I created a firewall policy that will allow all outbound traffic from all networks to the URL Set that specifies that URL, plus the proxy server IP address (since for whatever reason it was listing the destination as the proxy ip)

I have a hunch that it was not the proper way to do things, but I'm trying to work through this while checking back periodically for replies. After doing that, I am denied in a different place:

Failed Connection Attempt SERVERNAME 9/25/2008 11:56:02 AM
Log type: Web Proxy (Forward)
Status: 11002 This is usually a temporary error during hostname resolution and means that the local server did not receive a response from an authoritative server.
Rule: rulename
Source: Internal (my ip)
Destination: External (proxyserverip:443)
Request: sitewwwname:443
Filter information: Req ID: 069e5d32; Compression: client=No, server=No, compress rate=0% decompress rate=0%
Protocol: SSL-tunnel
User: anonymous
Additional information
[link=http://forums.isaserver.org/javascript:ToggleList%28%27AddInfoNode%27%29][/link]Client agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2)
Object source: Internet (Source is the Internet. Object was added to the cache.)
Cache info: 0x0
Processing time: 0 ms
MIME type:

I think I may have messed up adding the ip of the proxy server to the destination set... thoughts or ideas?

< Message edited by Finkenstein -- 25.Sep.2008 1:41:40 PM >

(in reply to Finkenstein)

Post #: 3