Internal SSL port 8443

Internal SSL port 8443 - 31.Jul.2008 2:23:20 PM   
ChrisTR

 

Posts: 2
Joined: 30.Jul.2008
Status: offline
OK, I have an issue with ISA 2006 and an internal web server on a non-standard port.

We have a web server with an OEM-supplied application that runs a Tomcat web service and requires internal clients to connect via HTTPS on port 8443. This is all internal private IP addresses, and doesn't leave the local segment. Using the ISA 2006 as a proxy server (clients are configured to use the proxy server via IE settings), attempting to go to this site yields an error message:
Error Code: 502 Proxy Error. The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. (12204)

I tried a Firewall Policy rule to Allow Internal to Internal on all HTTP and HTTPS traffic, and a rule to Allow Selected Protocol (HTTPS) from All Networks to Internal. No effect.

I've read up on extending the tunnel range using the Tunnel Range Editor (http://forums.isaserver.org/m_2002068112/mpage_1/tm.htm) and have downloaded, installed and run the ISAtrpe GUI editor. I added a port range from 8443 to 8443 to the GUI interface, and it shows up. I have restarted the ISA service and even rebooted. I cannot get to the server via port 8443. If I check the box on the IE client "Bypass proxy server for local addresses", then I can get there. Obviously, I have a workaround, but I'd like to understand what's configured wrong and if there's a configuration workaround instead.

Any help/insight would be greatly appreciated.

Thanks,
Chris

Windows Server 2003 SP2
ISA 2006 SP1
Single NIC - Edge mode
Proxy and web cache only
Private IP address range
Post #: 1
RE: Internal SSL port 8443 - 1.Aug.2008 7:47:48 AM   
gbarnas

 

Posts: 155
Joined: 27.Apr.2005
From: New Jersey
Status: offline
 You don't have a work-around, you have a proper, working solution. ISA generally is not used to access internal sites, so clicking the "Bypass Proxy for Internal Sites" is the correct thing to do. If you publish WPAD for auto-configuration, you can define a similar setting there and have it handed out to all workstations.

Glenn

(in reply to ChrisTR)
Post #: 2
RE: Internal SSL port 8443 - 1.Aug.2008 7:44:01 PM   
ChrisTR

 

Posts: 2
Joined: 30.Jul.2008
Status: offline
gbarnas, thanks for the reply. Guess I hadn't thought of it that way. So, with the "bypass proxy for internal sites" checked, I can ditch the 2 non-working "SSL rules" I set up earlier also.

I'll give that a whirl. Thanks for the help.

(in reply to gbarnas)
Post #: 3
RE: Internal SSL port 8443 - 5.Aug.2008 10:24:41 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Make sure Internal sites are configured for Direct Access and that Web Proxy clients use the autoconfig script to get the Direct Access list.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to ChrisTR)
Post #: 4
RE: Internal SSL port 8443 - 6.Aug.2008 8:28:20 AM   
Budmaas

 

Posts: 90
Joined: 7.Oct.2007
Status: offline
http://www.isaserver.org/articles/2004tunnelportrange.html


Check the link above.

(in reply to tshinder)
Post #: 5
RE: Internal SSL port 8443 - 29.Apr.2009 3:37:38 AM   
gazy007

 

Posts: 43
Joined: 29.Aug.2008
Status: offline
On ISA Server 2006 you can just make a new common protocol, allow only TCP port 8443 outbound, and add it with the Access rule the users are trying to access. I have just tested and it worked fine.

(in reply to Budmaas)
Post #: 6
