Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
SSL Failed Connection Attempt
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
SSL Failed Connection Attempt - 20.Jun.2005 4:02:00 AM
|
|
|
robbie
Posts: 24
Joined: 1.Nov.2001
From: uk
Status: offline
|
Hi
I have ISA 2004 Std and all has been going very well up until now but i am having SSL dificulties.
I am trying to connect to a secure site but have the following problems:
I connect to the https site OK and looking in the logging monitor i can see the connection established sucessfully as follows:
Destination: IP address of requested site
Port: 443
Protocol: SSL-tunnel
Action: Allowed Connection
Rule: Web Access Only
Client Username: domain\username
Imediately after this has all taken place the whole connection then changes to..
Destination: Internal ISA IP
Port: 443
Protocol: SSL-tunnel
Action: Denied Connection
Rule: None
Client Username: anonymous
followed by..
Destination: Internal ISA IP
Port: 443
Protocol: SSL-tunnel
Action: Failed Connection Attempt
Rule: None
Client Username: anonymous
and finally..the connection tries all over again with a straight forward port 80 request.
I really would appreciate any help as this is an issue that many of us are having since reading your forums.
Many Thanks
Robbie
|
|
|
|
RE: SSL Failed Connection Attempt - 20.Jun.2005 7:58:00 AM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Robbie,
What site?
Thanks!
Tom
|
|
|
|
|
RE: SSL Failed Connection Attempt - 20.Jun.2005 1:33:00 PM
|
|
|
robbie
Posts: 24
Joined: 1.Nov.2001
From: uk
Status: offline
|
Hi Tom
The site is https://bpn.boeing.com but it's not quite that simple.... i can connect to the site no problems, but there is a link within which should take me to another part of the secure site but it fails with the aforementioned errors on one link only, all the other links are OK. The hosts are quite sure that this is an ISA problem which i tend to agree with since the link opens at the ISA directly but not from a client on the LAN.
Many Thanks
Robbie
|
|
|
|
RE: SSL Failed Connection Attempt - 22.Sep.2006 12:06:01 AM
|
|
|
felixisa
Posts: 3
Joined: 21.Sep.2006
Status: offline
|
To whom it may concern,
I think the reason you didn't get a reply tshinder (the isa guru!) is because the link you ''seemed'' to refer to in your question
was not accessable without a username or password. Since you didn't actually specify which link it is hard to pin down the issue. Any problems
with publically listed companies web sites should really be directed to their webmaster... i.e. hostmaster@<relevant.domain>.
SSL-Tunnelling is quite a complicated process... A good source of info apart from MS' resources is Tom Shinder's book
"Syngress - Dr. Tom Shinder's Configuring ISA Server 2004"....
Will endeavour to post succinct info about that in the near future.
_____________________________
Regards,
WPK
Felix Computer Services (AUST)
|
|
|
|
|
RE: SSL Failed Connection Attempt - 22.Sep.2006 11:20:35 AM
|
|
|
isda
Posts: 8
Joined: 20.Sep.2006
Status: offline
|
hello! im new here. my problem is that. my enterprise array rule denied the ssl port. what shall i do? like opening a gmail and mail.yahoo that requires ssl.
|
|
|
|
|
RE: SSL Failed Connection Attempt - 22.Sep.2006 12:59:35 PM
|
|
|
felixisa
Posts: 3
Joined: 21.Sep.2006
Status: offline
|
To isda, firstly i must state that i am presuming that 'you' are have problems connecting to an SSL site, i.e. you are the client, and not that clients
are having problems connecting to an SSL port you are attempting to publish. Secondly I am assuming you have not implemented the SSL listening option
on the web proxy server settings tab in the say 'internal' network's properties dialog box.
Your problem does seem to be that you have not Created an Enterprise/Array Firewall Policy Access Rule allowing clients on 'your' network accessing to say the external network. If for some reason the SSL port you are trying to reach is not the standard 443 port, then you will have to create another Protocol
in the Enterprise or Array which is pertinent to you.
Hopefully your problem can be fixed as straight-forwardly as stated-above... Unfortunately there are allot more technical issues that come into play with
SSL-based connections, thankfully these issues primarily fall in the Server Publishing area. I suggest you do some reading on the nature of SSL
connections provided ubquitously by Microsoft. Secondly I suggest you get your hands on a book like "Syngress - Dr. Tom Shinder's Configuring ISA Server 2004", especially if you are new to network security and/or wish to publish SLL-based connections.
Finally a little tip when requesting help in the future, try to give a clear as picture as is necessary and possible about the relevent states of your
security systems/ network etc... and obviously post in the relevant Forum threads.
Hope this helps
p.s. this thread deals with SSL-based client connection difficulties from a client's perspective.
_____________________________
Regards,
WPK
Felix Computer Services (AUST)
|
|
|
|
|
RE: SSL Failed Connection Attempt - 23.Sep.2006 3:00:39 AM
|
|
|
isda
Posts: 8
Joined: 20.Sep.2006
Status: offline
|
thanks for the help. ;)
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
![[Confused]](/image/smiles/confused.gif)
![[Frown]](/image/smiles/frown.gif)
RE: SSL Failed Connection Attempt - 