Welcome to ISAserver.org


SSL bridging and tunnelling

SSL bridging and tunnelling - 17.Apr.2008 10:34:02 AM   
MIA

 

Posts: 7
Joined: 19.Oct.2007
Hi all,
We have a DMZ with an external-facing ISA (ISA 2000/W2k3), a webserver (IIS6/W2k3) and an internal ISA (ISA 2000/W2k3).

The webserver hosts a site that uses SSL, and a server publishing rule for
SSL tunnelling was created as well as a web publishing rule.  The server
publishing rule maps any https request from the external ISA IP address to
the webserver internal IP address.  We are using a VeriSign certificate
registered against the web site address (www.domain.com).

We have since added another webserver for testing & created a web publishing
rule.

We now want the test site/server to use SSL - essentially it is a clone of
our live webserver.  We have created a self-signed SSL certificate using the
name registered in DNS (test.domain.com).

Both sites have a default.aspx page at the top level that redirects to an
https URL.

I have done the following to enable this:
1) exported the certificates from the two webservers into the external ISA
2) checked that the two web publishing rules have the bridging set as http
requests redirected as http and ssl redirected as ssl on default ports
3) edited the action in the two web publishing rules to forward to the DNS
hostname (i.e. test.domain.com & www.domain.com) instead of the internal IP
addresses
4) added these entries into the hosts file on the external ISA
5) disabled the server publishing rule

This is as per
http://www.microsoft.com/technet/archive/isa/2000/isafp1/sslbat.mspx?mfr=true

The problem we are having is that as soon as I disable the server publishing
rule, I cannot resolve to the sites - a host not found / DNS error is displayed in
the browser.
Once I re-enable the rule, all is well.  I've tried pinging the two entries
from the ISA and they are resolving correctly, so it looks like the name
resolution is working there (because of the hosts file entries), but not at the client level.

Where am I going wrong?
Many thanks
Rob
Post #: 1
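
The post describes two separate name-resolution views: the hosts file on the external ISA, and whatever the client's resolver returns. The following is an added example, not part of the original post, that checks both views for each published name. It assumes clients are meant to reach the sites through the external ISA address (as with the server publishing rule above); all IP addresses, the sample hosts file and the sample client records are constructed.

```python
import socket

def parse_hosts(text):
    """Parse hosts-file text into {lowercased name: ip}; the first entry for a name wins."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        for name in fields[1:]:                  # one line may carry several aliases
            table.setdefault(name.lower(), fields[0])
    return table

def system_resolver(name):
    """Resolve with this machine's own resolver; None when the name is not found."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def check_published_names(names, isa_hosts_text, external_isa_ip,
                          client_resolve=system_resolver):
    """Return {name: [problems]}; an empty list means both views look consistent."""
    isa_view = parse_hosts(isa_hosts_text)
    report = {}
    for name in names:
        problems = []
        backend = isa_view.get(name.lower())     # what the ISA forwards to
        if backend is None:
            problems.append("ISA hosts file has no entry")
        elif backend == external_isa_ip:
            problems.append("ISA hosts entry points back at the ISA itself")
        seen = client_resolve(name)              # what a client would connect to
        if seen is None:
            problems.append("client cannot resolve the name")
        elif seen != external_isa_ip:
            problems.append("client resolves to %s, not the external ISA address" % seen)
        report[name] = problems
    return report

# Constructed sample data (documentation address ranges, not from the post).
SAMPLE_ISA_HOSTS = """\
# hosts file on the external ISA
192.0.2.10   www.domain.com     # live webserver
192.0.2.11   TEST.domain.com    # test webserver
"""
SAMPLE_CLIENT_DNS = {"www.domain.com": "203.0.113.5"}   # no record for the test name

def demo():
    return check_published_names(["www.domain.com", "test.domain.com"],
                                 SAMPLE_ISA_HOSTS, "203.0.113.5", SAMPLE_CLIENT_DNS.get)
```

Run on a client machine with the default `client_resolve`, the check uses that machine's real resolver instead of the constructed records.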
