Welcome to ISAserver.org

Publish a NetGear SSL VPN Concentrator

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 Publishing] >> Web Publishing >> Publish a NetGear SSL VPN Concentrator

Page: [1]

Message

<< Older Topic Newer Topic >>

Publish a NetGear SSL VPN Concentrator - 27.Apr.2007 3:21:37 PM

jamesorl

Posts: 25
Joined: 20.Nov.2002
Status: offline

Hi all, recently we purchased a Netgear SSL VPN Concentrator ( SSL312) to use instead of just ISA VPN ( were using non quarantine vpn connectivty ).

The SSL312 works fine when accessed from internal but now I need to publish through ISA 2006 to the external users. The SSL312 has a valid ( thawte ) certificate installed but I'm getting lost on how to publish it. I ran through the Publishing wizards and tried with both SSL and HTTP to HTTPS rules to no avail.

Any pointers in the right direction would be appreciated.

Post #: 1

Featured Links*

RE: Publish a NetGear SSL VPN Concentrator - 28.Apr.2007 6:41:45 AM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi jamesorl,

SSL VPN doesn't mean necessarily HTTPS. Also, I doubt ISA can do much meaningful content checking on that kind of traffic. Therefore, I would server publish the SSL VPN box or place the box in parallel with the ISA server.

HTH,
Stefaan

(in reply to jamesorl)

Post #: 2

RE: Publish a NetGear SSL VPN Concentrator - 28.Apr.2007 9:04:06 PM

jamesorl

Posts: 25
Joined: 20.Nov.2002
Status: offline

Thanks for the response Steffan.

I guess I figured it had to be https because that's how I connect to the box from the internal network so I just figured I would have to do some sort of HTTP listner and redirect to HTTPS.

I don'nt want to drop the box into a parrellel mode because it doesn't have a firewall so no packet inspection at all.

When I was trying to just do HTTP listner to HHTPS listner I was getting an ISA authentication blocked message so I just figured I was doing it wrong.

Netgear has no information about setting it up with a firewall...yet they suggest that you do.

(in reply to spouseele)

Post #: 3

RE: Publish a NetGear SSL VPN Concentrator - 29.Apr.2007 12:50:50 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi jamesorl,

where you successful in server publishing the SSL VPN box?

Thanks,
Stefaan

(in reply to jamesorl)

Post #: 4

RE: Publish a NetGear SSL VPN Concentrator - 30.Apr.2007 11:14:26 AM

jamesorl

Posts: 25
Joined: 20.Nov.2002
Status: offline

Not yet.

I had been tryin using Web Server Publishing rules BUT because the Netgear is HTTPS I need to do a Listener that listens on HTTP and Redirects internally to HTTPS. The issue is I can't exprt the Thawte cert from the Netgear so I can't install it on the ISA to use for the HTTPS redirection.

SO...I tried a Non Web Server Publishing rule just to redirect inbound HTTPS to the internal server and still no go.

Is there something I'm mising in ISA 2006? I have several site to sites set up with 2004 but this is my first venture with 2006.

(in reply to spouseele)

Post #: 5

RE: Publish a NetGear SSL VPN Concentrator - 30.Apr.2007 11:28:36 AM

jamesorl

Posts: 25
Joined: 20.Nov.2002
Status: offline

OK, color me stupid.

When I finally got my brain of thinking it was a web server publishing rule and looked at doing the non web server publishing rule I finally got it to work.

The reason why it didn;t work the first time ( as I mentioned at the end of my last note ) was because on the TO tab I had it checked that "Request appear to be coming from the original client" once I switched it over to "Requests appear to becoming from the ISA server" it went right through.

Thanks.

(in reply to jamesorl)

Post #: 6

RE: Publish a NetGear SSL VPN Concentrator - 30.Apr.2007 2:41:19 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi jamesorl,

I thought I was very clear from the beginning that you should server publish the SSL VPN box, not web publish it! BTW, we don't use the the term "web server publishing". That's ambiguous in this context.

If you have to enable the setting "Requests appear to becoming from the ISA server" before it worked, than that means to me that the SSL VPN box wasn't configured as a SecureNAT client. In other words, ISA's internal interface was not the default gateway of the SSL VPN box. Check it out!

HTH,
Stefaan

(in reply to jamesorl)

Post #: 7

RE: Publish a NetGear SSL VPN Concentrator - 24.Aug.2007 8:59:39 AM

fcc

Posts: 3
Joined: 15.Mar.2006
Status: offline

Hi,

I�m havimg some problems with the Isa 2006 and the Netgear ssl312.

I have a few sites, one of them is is the exchange web site ( OWA ) ons site with ssl and one with out and now trying to get the ssl312 to work.

I Have a wildcard cert on the isa 2006.
The exchange web access is like this : webmail.mydomain.com so is a subdomain.
The ssl site is : site1.mydomain.com
And the ssl312 is : net312.mydomain.com

On the isa 2006 box I imported the ssl312 certificate ( Godaddy ) to the trusted root certification authority.

From the inside naturally that everything works just fine, but from the wan side I can reach the isa 2006 login page ang I login then the ssl312 login page comes up and it shows correctly and I can login all so the problem is with the internal pages of the ssl312 that don’t display correctly.

Thanks
Fcc

(in reply to spouseele)