Welcome to ISAserver.org

SecureNat https ssl doesn't work

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Firewall] >> SecureNAT Client >> SecureNat https ssl doesn't work

Page: [1]

Message

<< Older Topic Newer Topic >>

SecureNat https ssl doesn't work - 28.Dec.2005 6:01:27 PM

celledge

Posts: 18
Joined: 17.Jul.2003
Status: offline

I have remote clinets that come into my network NAT'd on 10.155.0.100 with my ISA server as the final route. They are all SecureNat clients. They can access http pages fine, but none can't access https pages. If I make them Web Proxy clients they work fine, but I can't do this as it creates a problem from some of my applications.

I have read through the board and haven't found a solution. I have confirmed that the HTTP filter is NOT turned on in the https protocol.

Am I missing something?

Post #: 1

Featured Links*

RE: SecureNat https ssl doesn't work - 28.Dec.2005 7:05:09 PM

tshinder

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Cell,

Are those users exceeding connection limits?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to celledge)

Post #: 2

RE: SecureNat https ssl doesn't work - 28.Dec.2005 10:13:32 PM

celledge

Posts: 18
Joined: 17.Jul.2003
Status: offline

I have no connection limits defined. This was working a week ago. I can't fingure out what changed. Your book should be arriving this afternoon, so maybe it will help.

(in reply to tshinder)

Post #: 3

RE: SecureNat https ssl doesn't work - 29.Dec.2005 3:49:34 AM

celledge

Posts: 18
Joined: 17.Jul.2003
Status: offline

I found the problem and it is a strange one. I had an IP address set configured originally for a single IP address - 10.155.0.100. I changed this last week to include more addresses - 10.100.0.0 through 10.155.255.255. That is what created my problem. I changed this back to a single address and created a new subnet set for the 10.100.0.0/16 subnet. That corrected my problem and covers exactly what I need.

Could the problem be that I changed the address set? Perhaps I should have deleted it and created a new one. Or, did I try to cover too many addresses? Either way, I have it done right now and it works. Maybe this will be helpful for others..

By the way Tom, I received your book today and it is a good reference.

Chris

(in reply to celledge)

Post #: 4

RE: SecureNat https ssl doesn't work - 29.Dec.2005 1:54:17 PM

smelethil

Posts: 8
Joined: 21.Nov.2005
Status: offline

anybody help me to block yahoo messenger

(in reply to celledge)

Post #: 5

RE: SecureNat https ssl doesn't work - 31.Dec.2005 6:13:31 PM

tshinder

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline

quote:

ORIGINAL: celledge

I found the problem and it is a strange one. I had an IP address set configured originally for a single IP address - 10.155.0.100. I changed this last week to include more addresses - 10.100.0.0 through 10.155.255.255. That is what created my problem. I changed this back to a single address and created a new subnet set for the 10.100.0.0/16 subnet. That corrected my problem and covers exactly what I need.

Could the problem be that I changed the address set? Perhaps I should have deleted it and created a new one. Or, did I try to cover too many addresses? Either way, I have it done right now and it works. Maybe this will be helpful for others..

By the way Tom, I received your book today and it is a good reference.

Chris

Hi Chris,

GREAT! I'm not exactly sure what happened to make it work (since I don't know why you created a set with a single IP address, etc) but its good to hear you got it working and thanks for the follow up!

Also, thanks for getting the book! Post on the forums when you have questions about anything you read in the book. This is a unique opportunity, to be able to ask the author directly "what he means" about anything written in the book. Take advantage of it!

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to celledge)

Post #: 6

RE: SecureNat https ssl doesn't work - 9.Jan.2006 3:24:58 AM

96ghia

Posts: 1
Joined: 9.Jan.2006
Status: offline

I have a similar issue, but slightly different.

I have a JIRA installation that sits on :8000 internally, and a Web Publisher that publishes the /jira site on SSL, which then passes the item onto :8000 on the internal interface.

For naming and link reasons, I want internal machines inside the ISA firewall, to access the site using the external link. I find that when the client acts as a web proxy client, that the linkworks perfectly.
However, if the Web Proxy item is turned off in IE, that the http link works, (returns the "use SSL/HTTPS" to get to this page message) but when trying to access it via https, (whcih works for all external machines, and the local host) it fails, (404 message, like it can't even see the machine)

opinions?

(in reply to celledge)

Post #: 7

RE: SecureNat https ssl doesn't work - 9.Jan.2006 7:26:32 PM

tshinder

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi 96,

That's exactly how it should work. It can't work with SecureNAT clients because those aren't proxied connections. You should always use Direct Access and split DNS for internal clients accessing internal resources. Check out the Direct Access articles on this site to see how it works.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to 96ghia)

Post #: 8