Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

The page cannot be displayed

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Web Publishing >> The page cannot be displayed Page: [1]
Login
Message << Older Topic   Newer Topic >>
The page cannot be displayed - 31.Oct.2005 1:57:00 PM   
asutherland

 

Posts: 51
Joined: 23.Jan.2003
From: Nelson, B.C.
Status: offline 		PROBLEM:
Web Client

ôThe page cannot be displayedö û when attempting to access SSL site published by ISA Incoming Web Listener2. Web client has CA Trusted root certificate installed.

1. Does ISA 2000 support multiple external NICS, each with its own IP and each with its own Web Listener? Or do I have to upgrade to ISA 2004 to make this work?

DETAILS:
On ISA 2000,
DNS Lookups work portal.company1.com resolves to 192.168.0.20
Using SecureNAT û the ISA browser is able to connect to the portal.company1.com site using https://portal.company1.com URL
Using WebProxy û the ISA browser is able to connect to the portal1.company1.com site using the same URL. Therefore, the problem is not the SSL website itself. The problem is cannot establish an SSL session via the ISA Firewall Incoming Web Listener, even though the original Incoming Web Listener1 is working fine for all of itÆs SSL sites

ISA Config
Windows 2003 SP1, ISA 2000 SP2, Feature Pack 1

LAN NIC û 192.168.0.15 (default gateway for published servers and LAN web proxy clients)

3 different External NICs, each with own IP and MAC address:

External NIC1 û 142.xxx.xxx.216 = Incoming Web Listener1 for SSL sites on mailservername.ourdomain.com = MS Enterprise Root Certificate Server, OWA server
This SSL site works fine. https://mailservername.ourdomain.com/certsrv (basic authentication) https://mailservername.ourdomain.com/exchange (forms-based authentication). Everything works fine for the first Incoming Web Listener.

External NIC2 û 142.xxx.xxx.103 = Incoming Web Listener2 for SSL site (hosted on webservername.ourdomain.com) SSL WebSite = Portal.company1.com. Certificate imported and used for listener portal.company1.com

External NIC3 û 142.xxx.xxx.108 = Incoming Web Listener3 for future SSL site

Portal.company1.com Web Publishing Rule û redirect to portal.company1.com

External DNS has been set for external IP address on External NIC2/WebListener2 - nslookup from Internet resolves to correct address.

Web Server Config
Webserver name û webservername.ourdomain.com

Default Web Site config û all Unassigned.

LAN NIC1 û 192.168.0.20
WebSites = IP listening for all port 80 websites and port 443 for portal.company1.com, website certificate = portal.company1.com

LAN NIC2 û 192.168.0.21
WebSites û will be future portal.company2.com

SSL Certificates
Portal.company1.com = SSL website on webservername.ourdomain.com = 192.168.0.20
Portal.company2.com = SSL website on webservername.ourdomain.com = 192.168.0.21
Mailservername.ourdomain.com û SSL websites on mailservername.ourdomain.com û 192.168.0.22

Just to clarify:

The client sends an HTTPS request to portal.company1.com to access an SSL Web site.
The request arrives on the external interface 142.xx.xxx.103 of the ISA Server 2000 firewall and is intercepted by the Web listener for the Portal Web Publishing rule.

The Web listener used by the Portal Web Publishing rule has a Web site certificate bound to it. The common name on the certificate is portal.company1.com.

The name in the request matches the common name on the Web site certificate bound to the Web listener (portal.company1.com). (webservername = webserver1.ourdomain.com) portal.company1.com has A record on internal DNS server.

The Portal Web Publishing rule is configured to forward the request to the web site on the internal network.

The Web Publishing rule on the ISA Server 2000 firewall is configured to forward the request to portal.company1.com, which is the same name on the Web site certificate bound to the external interface and the name used in the original user request.

The request is forwarded to the Portal Web site on the internal network. The Portal Web site also has a Web site certificate bound to it. The common name on the certificate is portal.company1.com.

This matches the name on the original client request (Http://portal.company1.com), the name on the certificate bound to the Web listener (portal.company1.com) that accepted the request, and the name used in the Web Publishing rule that redirected the request to the Portal Web site on the internal network. All the names match and if the user is authenticated, then the connection request is allowed.

This site was previously accessible without SSL, an now it's not available with https or http, even though SSL is not required by the website or the web publishing rule.

Don't understand why "the page cannot be displayed" occurs.
Post #: 1
RE: The page cannot be displayed - 1.Nov.2005 3:28:00 AM   
tshinder

 

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline 		Moving to ISA2000 section.

(in reply to asutherland)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Web Publishing >> The page cannot be displayed Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts