Welcome to ISAserver.org


Terminate SSL

Terminate SSL - 4.Jan.2008 3:14:25 AM   
create_share

 

Posts: 261
Joined: 4.May2005
Status: offline
Redirect SSL request as HTTP option on Web Chaining is selected. There are a few sites that do not download data if it is enabled, but if I enable SSL then I can download data from these sites.

My Exchange 2007 is also published on ISA 2006. Is there any impact of this option on Exchange Publishing?

Secondly, if it is set for SSL, will it affect ISA performance?

Thanks!
Post #: 1
RE: Terminate SSL - 4.Jan.2008 9:34:36 AM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
My first question is why do you have a Web chaining rule configured?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to create_share)
Post #: 2
RE: Terminate SSL - 5.Jan.2008 1:58:47 AM   
create_share

 

Posts: 261
Joined: 4.May2005
Status: offline
1. For Upstreaming to my ISP Proxy Server.
2. The Second reason can be because of our Exchange Server 2007. The person who prepared the ISA machine made a new web chaining rule for External Traffic and entered my E-Mail Domain's MX Record in the Exception List. If I remove the MX Record from the Exception List then Outlook Web Access does not work from outside.

I will try to go with the default chaining rule if it works and is recommended.

Thanks!


(in reply to create_share)
Post #: 3
RE: Terminate SSL - 6.Jan.2008 11:41:02 AM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
OK, the Web Chaining Rule makes sense for chaining the Firewall to an upstream proxy, but the MX thing doesn't make any sense at all, since MX records are dealing with SMTP, not HTTP.

Thanks!
Tom


(in reply to create_share)
Post #: 4
RE: Terminate SSL - 6.Jan.2008 5:07:01 PM   
create_share

 

Posts: 261
Joined: 4.May2005
Status: offline
I removed my MX Record from the Exception List and the below happened after entering username and password in OWA:

The page cannot be displayed 
Explanation: There is a problem with the page you are trying to reach and it cannot be displayed.
--------------------------------------------------------------------------------
Try the following:
Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion.
Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped.
Access from a link: If there is a link to the page you are looking for, try accessing the page from that link.
--------------------------------------------------------------------------------
Technical Information (for support personnel)
Error Code: 404 Not Found. The requested item could not be located. (12028)


What can be the problem?

My internal and external domain names are different and the certificate I am using for OWA is self-generated, not third party.

thanks!

(in reply to create_share)
Post #: 5
RE: Terminate SSL - 7.Jan.2008 10:35:57 AM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
Do you mean your MX domain name? An MX *record* is a very specific thing, which exists only on a DNS server.

Also, which exception list are you working with? There are lots of them out there :)

Thanks!
Tom


(in reply to create_share)
Post #: 6
RE: Terminate SSL - 7.Jan.2008 1:35:10 PM   
create_share

 

Posts: 261
Joined: 4.May2005
Status: offline
I mean mail.mydomain.com and the exception list in web chaining rule.

Thanks!

(in reply to create_share)
Post #: 7
RE: Terminate SSL - 8.Jan.2008 11:35:27 AM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
OK, this is starting to make sense.

You've configured a Web chaining rule to forward everything to an upstream proxy. However, you don't want to forward your incoming OWA connections to the upstream proxy, so you entered the FQDN used to access OWA into the exceptions list. That makes sense.

For the Web chaining rule, you really don't want to redirect SSL as HTTP, as that has nothing to do with the client communications; it's for proxy-to-proxy communications, where you have configured the downstream proxy to use SSL with an upstream proxy, and then the upstream proxy is chained to another upstream proxy, and sends the proxy-to-proxy requests as HTTP instead of SSL.

For clients, once the SSL connection is established, it's SSL all the way.

HTH,
Tom


(in reply to create_share)
Post #: 8
RE: Terminate SSL - 8.Jan.2008 2:01:44 PM   
create_share

 

Posts: 261
Joined: 4.May2005
Status: offline
So that means I am using the correct configuration for my OWA. The only thing I can change is that "Redirect SSL requests as HTTPS instead of HTTP" to download updates from fileconnect.symantec.com using Java for disconnected downloads.

Thanks!

(in reply to create_share)
Post #: 9
RE: Terminate SSL - 9.Jan.2008 1:23:45 PM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi CS,

Give it a try and see how it works.

Thanks!
Tom


(in reply to create_share)
Post #: 10
RE: Terminate SSL - 10.Jan.2008 4:26:33 AM   
create_share

 

Posts: 261
Joined: 4.May2005
Status: offline
Ok Thanks!

(in reply to tshinder)
Post #: 11
