What is up with this thing?! Some sites I can get to, some sites I get the 502 error. Some https sites work, others show a blank page with 'done' on the bottom. And can anyone please explain to me WHY, if everything is set to allow, I have to set up another protocol rule for https??! Mind you this isn't a complicated setup. One ISA server, 2 NICs, and an ISP. On top of that, some of the sites that I can get to are slow to respond. Can anybody help me??
I already have a proto rule for http,https. I did look at the article and setup like that, but we dont have an internal DNS server. We have an ISP DNS for internet. If I use nslookup on an internal pc all I get is "default server unknown address: 127.0.0.1" I can still get to sites on the internet. And I think my problem is no longer getting to https sites, but getting to certain sites, regular or secure. Especially sites that redirect or open another window, and some sites just give me 502 proxy error.
OK. If you don't have an internal DNS server, ISA can do DNS name resolving on behalf of a Web Proxy and Firewall client, *not* on behalf of a SecureNAT client. So, make sure your ISP DNS servers are listed in the TCP/IP properties of the ISA interfaces and test the DNS resolving from ISA server itself. Of course make sure you have enabled the default DNS packet filters on ISA server.
Ok, check this out. I setup another isa server for a test. Installed just as a cache server, not integrated. No problems found. And the speed is blazing in contrast to the first server. In reference to DNS IP adresses on the isa interfaces, put on just the external, or internal and external? I have it just on the external. I still want to know why if I have NO RESTRICTIONS on anything, why do I have to specify ANOTHER protocol rule for HTTPS? And that doesn't even cover why I can get to some regular http sites and I can't get other regular http sites. I understand I am venting, sorry, but nobody can explain these problems to me.
because you don't have an internal DNS, you can place the DNS IP adresses on both interfaces. If you done that, can you do a nslookup from ISA server itself, especially those sites which you can't access?
Next, set IE on ISA server to use the ISA internal interface port 8080 as proxy server. What happens then? Can you access all the sites or do you have the same problem?
Maybe something is screwed-up and rebuilding the box is the fastest solution!