HTTPS Fails over VPN (Full Version)

All Forums >> [ISA Server 2004 Firewall] >> VPN



Message


bendji -> HTTPS Fails over VPN (23.Jun.2006 10:15:42 AM)

Greetings all,

Just stumbled over a problem, where I can't figure out whats going wrong. So im looking for some suggestions and where is a better place to ask than on this forum [;)]

I have an ISA 2004 server configured for VPN. It all works, people can log on and can reach the servers inside and the surf the Internet. The only thing there aint working, is when people try to reach a HTTPS site through VPN.

The rule I have setup to allow HTTP and HTTPS from VPN Clients to External is:

Name                            Action           Protocol              From/Listener        To            Condition    
VPN Client to Internet      Allow             HTTP, HTTPS       VPN Clients           External    All Users

I have no changed any thing on the two protocols HTTP and HTTPS, they are just added with the default settings.

From a VPN Client it receive a "The page cannot be displayed" when I try to open a HTTPS site, normal HTTP works fine.

When I look in the monitoring on the ISA server I see the following:

Destination     Protocol         Action                        Rule                               Source Network     Destination    Error Information        Result Code
443               HTTPS           "Initiated Connection"   "VPN Client to Internet"      "VPN Clients"         "External"      0x0                          0x0
443               HTTPS           "Closed Connection"      "VPN Client to Internet"      "VPN Clients"         "External"      0x0                          0x80074e21

This happens every time I try to access a HTTPS site over VPN.
According to the Result Code:  0x80074e21 on this site http://msdn.microsoft.com/library/default.asp?url=/library/en-us/isasdk/isa/error_codes.asp it should meen that "A connection was abortively closed after one of the peers sent a RST segment." But that do not tell me much. Any suggestions how to trouble shoot this little problem, or any suggestions how to solve it?

In advance thanks for suggestions/advices

Yours Sincerely,
Benjamin




Zac -> RE: HTTPS Fails over VPN (24.Jun.2006 7:32:05 AM)

Benjamin,

It seems that https port is not getting through the VPN. For a test purpose, edit your rule" VPN Client to Internet" and allow all protocols and see whether the client can access the https sites. Post the result.


Regards,

Zac.




bendji -> RE: HTTPS Fails over VPN (24.Jun.2006 10:43:24 AM)

Hi Zac, will try that monday (have to enjoy the good weather outside, while it lasts).
Then I return with the result monday morning.

Enjoy the weekend all [:)]

Yours Sincerely,
Benjamin




bendji -> RE: HTTPS Fails over VPN (26.Jun.2006 8:44:50 AM)

Well it's Monday morning, and I hope you are all had a good weekend and enjoyed the football without to many beers [;)]

But to return to topic as promised:

I've just created a new rule which allow all traffic from the "VPN Client" network to External network for all users (defualt), and the connection is closed with the same statement as in post 1.

I've also tried to set the client up to use the ISA server as a proxy server, but no luck in this direction (Cache is enabled on the ISA server).

Tried to move the rule up on as number 1, but the same result.

Could it be the caching on the ISA server, there could give me this problem? Normal HTTP is working like a charm.

But any suggestions how to persuit/troubleshoot this problem would we welcome.

Yours Sincerely,
Benjamin






Page: [1]