Welcome to ISAserver.org

Proxy bypass for SSL-Tunnel

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 Web Proxy] >> General >> Proxy bypass for SSL-Tunnel

Page: [1]

Message

<< Older Topic Newer Topic >>

Proxy bypass for SSL-Tunnel - 25.Jun.2008 3:36:14 PM

HendersonD

Posts: 17
Joined: 15.Oct.2007
Status: offline

I have users that login to a particular web application that is not playing well with ISA. I want to be able to bypass the proxy for the particular site. When I watch the traffic pass through ISA it is going to:

http://iepdirect.edutech.org:443

It shows this as an SSL tunnel. Even when I include this site in the list of sites to bypass with the proxy, the traffic still goes through ISA. Any ideas on how I can bypass this site through ISA?

< Message edited by HendersonD -- 25.Jun.2008 3:37:55 PM >

Post #: 1

Featured Links*

RE: Proxy bypass for SSL-Tunnel - 25.Jun.2008 5:15:57 PM

pwindell

Posts: 745
Joined: 12.Apr.2004
From: Taylorville, IL
Status: online

You can't bypass the ISA if the ISA is physically in the way. When the ISA is physically in the way you will always go through the ISA which is the way it is supposed to be. However what you can do is alter what type of Client you operate as while you are going through the ISA.

Have the Firewall Client installed on the Client.
Disable the proxy settings in the Browser.
Try again,..what happens?

_____________________________

Phillip Windell
www.wandtv.com

(in reply to HendersonD)

Post #: 2

RE: Proxy bypass for SSL-Tunnel - 26.Jun.2008 3:57:15 PM

HendersonD

Posts: 17
Joined: 15.Oct.2007
Status: offline

This is a single nic ISA server so I am only using it as a web proxy so it is not physically in the way. The only traffic passing through it is http, https, and ftp traffic from web browsers. I have put several sites in the bypass proxy list and it works fine. When I monitor traffic in ISA from a client to these sites, none of the traffic passes through ISA. The problem becomes the particular site I am trying to bypass the proxy simply will not do it. The site is listed in my first post and the traffic shows in the ISA monitor as an SSL-Tunnel

(in reply to pwindell)

Post #: 3

RE: Proxy bypass for SSL-Tunnel - 26.Jun.2008 5:13:10 PM

pwindell

Posts: 745
Joined: 12.Apr.2004
From: Taylorville, IL
Status: online

Did you set these sites to bypass in the local browser or in the Web Browser config in the ISA MMC?

If you haven't done it, clean out the settings in the local browser and add them in at the ISA.

MMC-->Configuration--->Networks--->Networks Tab--->Properties--->Web Browser Tab.

Check all three checkboxes,..add the Domains to the Direct Access Box,...check the last checkbox and set Direct Access. Be sure not to enter them as URLs,..they need to be ServerName.DomainName.tld,...or I believe you can use IP#s or IP Ranges.

Here's a link to an article on ths site for doing this:

Configuring Sites for Direct Access: Part 1 � Configuring Direct Access for Web Proxy Connections
http://www.isaserver.org/articles/2004directaccessp1.html

_____________________________

Phillip Windell
www.wandtv.com

(in reply to HendersonD)

Post #: 4

RE: Proxy bypass for SSL-Tunnel - 1.Jul.2008 1:22:02 PM

HendersonD

Posts: 17
Joined: 15.Oct.2007
Status: offline

I did have the site listed in web browser tab but it still would not bypass. I did not have the "Directly access computers specified in the address tab checked". As soon as I checked this, the bypass worked. The site I had listed did end up being in the range of addresses specified in the address tab. It still is a bit puzzling since just having the site name listed in the web browser tab should have worked. Once that check box was checked and the IP address associated with this site was also bypassed, the bypass truly worked. I am thankful that it is now working correclty.

Thanks for your help

(in reply to pwindell)

Post #: 5