Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Sonicwall SSL-VPN 2000
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Sonicwall SSL-VPN 2000 - 5.Aug.2008 9:52:25 PM
|
|
|
Hawkeye_820
Posts: 25
Joined: 1.Oct.2002
Status: offline
|
I have a SonicWall SSL-VPN that I am attempting to configure for remote access.
The SonicWall is behind an ISA 2006 with SP1
In tests I am able to get access to OWA and Sharepoint. I have attempted to set up an RDP connection. When I test it inside the network I have no issues.
When I try to connect from the Internet I get entries in the ISA Log similar to the following (edited slightly):
Destination IP Destination Port Protocol Action Rule
172.16.0.8 3389 SSL-tunnel Failed- Connection Attempt -
Failed Connection Attempt ISASERVER 8/5/2008 3:18:23 PM
Log type: Web Proxy (Reverse)
Status: 13 The data is invalid.
Rule: -
Source: - (xxx.xxx.xxx.xxx)
Destination: - (172.16.0.8:3389)
Request: CONNECT -
Filter information: Req ID: 0c9d2b19; Compression: client=No, server=No, compress rate=0% decompress rate=0%
Protocol: SSL-tunnel
User: anonymous
Anyone have any experience with this device?
|
|
|
|
|
RE: Sonicwall SSL-VPN 2000 - 7.Aug.2008 4:28:01 PM
|
|
|
Hawkeye_820
Posts: 25
Joined: 1.Oct.2002
Status: offline
|
OK, so I think I may have found a workaround to my issue but I need to know about the security implications:
I have added a non-web server publishing rule to publish the SSL-VPN. The certificate is on the device so can I assume that all traffic is still being encrypted even though I am not using the SSL certificate that is on the ISA Server?
Thanks for any info
|
|
|
|
|
RE: Sonicwall SSL-VPN 2000 - 9.Aug.2008 5:34:52 AM
|
|
|
justmee
Posts: 505
Joined: 14.May2007
Status: offline
|
Hi Paul,
Yes, you should use a non-web server publishing rule for your SSL VPN. It's up to the Sonicwall to inspect the ecncrypted data now and authorize the clients, that's why you use it.
If you use a web server publishing rule, "non-web data" will be dropped, as you have seen.
ISA already has some SSL VPN capabilities for OWA and Sharepoint, so you might not need the Sonicwall for that, you may like to read:
http://technet.microsoft.com/en-us/library/cc713342.aspx
http://technet.microsoft.com/en-us/library/cc713327.aspx
Personal I should have opted for a IAG 2007 machine instead of the Sonicwall, and let the IAG handle certain inbound scenarious, while ISA will handle the outbound ones.
If you did not yet bought the Sonicwall, and you still evaluate it, you may like to read IAG 2007's datasheet, as you might be pleasently impressed:
http://www.microsoft.com/Forefront/edgesecurity/iag/en/us/default.aspx
Regards,
J
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
