Welcome to ISAserver.org
Internal SSL port 8443
Internal SSL port 8443 - 31.Jul.2008 2:23:20 PM
ChrisTR
Posts: 2
Joined: 30.Jul.2008
Status: offline
OK, I have an issue with ISA 2006 and an internal web server on a non-standard port. We have a web server with an OEM-supplied application that runs a Tomcat web service and requires internal clients to connect via https and port 8443. This is all internal private IP addresses, and doesn't leave the local segment.

Using the ISA 2006 as a proxy server (clients are config'd to use the proxy server via IE settings), attempting to go to this site yields an error message:

    Error Code: 502 Proxy Error. The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. (12204)

I tried a Firewall Policy rule to Allow Internal to Internal on all HTTP and HTTPS traffic, and a rule to Allow Selected Protocol (HTTPS) from All Networks to Internal. No effect.

I've read up on extending the tunnel range using the Tunnel Range Editor (http://forums.isaserver.org/m_2002068112/mpage_1/tm.htm) and have downloaded, installed and run the ISAtrpe GUI editor. I added a port range from 8443 to 8443 to the GUI interface, and it shows up. I have restarted the ISA service and even rebooted. I cannot get to the server via port 8443.

If I check the box on the IE client "Bypass proxy server for local addresses", then I can get there. Obviously, I have a workaround, but I'd like to understand what's configured wrong and if there's a configuration workaround instead.

Any help/insight would be greatly appreciated.

Thanks,
Chris

Windows Server 2003 SP2
ISA 2006 SP1
Single NIC - Edge mode
Proxy and web cache only
Private IP address range
RE: Internal SSL port 8443 - 1.Aug.2008 7:47:48 AM
gbarnas
Posts: 147
Joined: 27.Apr.2005
From: New Jersey
Status: offline
You don't have a work-around, you have a proper, working solution. ISA generally is not used to access internal sites, so clicking the "Bypass Proxy for Internal Sites" is the correct thing to do. If you publish WPAD for auto-configuration, you can define a similar setting there and have it handed out to all workstations. Glenn
RE: Internal SSL port 8443 - 1.Aug.2008 7:44:01 PM
ChrisTR
Posts: 2
Joined: 30.Jul.2008
Status: offline
gbarnas, thanks for the reply. Guess I hadn't thought of it that way. So, with the "bypass proxy for internal sites" checked, I can ditch the 2 non-working "SSL rules" I set up earlier also. I'll give that a whirl. Thanks for the help.
RE: Internal SSL port 8443 - 5.Aug.2008 10:24:41 AM
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Make sure Internal sites are configured for Direct Access and that Web Proxy clients use the autoconfig script to get the Direct Access list. HTH, Tom
_____________________________
Thomas W Shinder, M.D. Sr. Consultant/Technical Writer Prowess Consulting http://www.prowessconsulting.com/ Blog: http://blogs.isaserver.org/shinder/ GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
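
The Direct Access decision described in the replies above is what a proxy auto-config (PAC) script makes for every request. The following is an added example, not part of the thread and not the script ISA Server generates: the proxy name `isa01.corp.example`, port 8080, the `.corp.example` domain, the private ranges and the helper `literalInNet` are all assumptions for illustration.

```javascript
// Added illustration: a hand-written PAC script for "internal goes DIRECT".
// Browsers supply isPlainHostName/dnsDomainIs; these stand-ins are used only
// when the file runs outside a browser (for example under Node).
var isPlainHostName = (typeof isPlainHostName === "function") ? isPlainHostName :
  function (host) { return host.indexOf(".") === -1; };
var dnsDomainIs = (typeof dnsDomainIs === "function") ? dnsDomainIs :
  function (host, d) {
    return host.length >= d.length && host.substring(host.length - d.length) === d;
  };

// Convert a dotted-quad literal to a number; null for anything else.
function ipv4ToInt(s) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    if (+m[i] > 255) return null;
    n = n * 256 + (+m[i]);
  }
  return n;
}

// Hypothetical helper: true when host is an IPv4 literal inside base/bits.
// It never performs a DNS lookup, so names are matched by the rules below.
function literalInNet(host, base, bits) {
  var ip = ipv4ToInt(host), net = ipv4ToInt(base);
  if (ip === null || net === null) return false;
  var size = Math.pow(2, 32 - bits);
  return Math.floor(ip / size) === Math.floor(net / size);
}

var PROXY = "PROXY isa01.corp.example:8080";            // assumed proxy
var INTERNAL_NETS = [["10.0.0.0", 8], ["172.16.0.0", 12], ["192.168.0.0", 16]];

// The host argument carries no port, so https://appserver:8443/ is decided
// on "appserver" alone and never reaches the proxy's SSL port check.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  if (isPlainHostName(host) || dnsDomainIs(host, ".corp.example")) return "DIRECT";
  for (var i = 0; i < INTERNAL_NETS.length; i++) {
    if (literalInNet(host, INTERNAL_NETS[i][0], INTERNAL_NETS[i][1])) return "DIRECT";
  }
  return PROXY;
}
```

Anything the script does not return `DIRECT` for still goes to the proxy and is subject to its SSL tunnel port restriction, so the internal list has to cover every name or address clients use for the port 8443 server.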