We need a box to act as a VPN server that will exchange certificates with the external world. This server will also need to be a proxy server and handle all communications to the internal network. We have 2 scenarios.
1st scenario:
Client A----------------> ISA Server-------------------> Server 1 port 7777
Client A opens a connection with the ISA server on port 3000 using HTTP + SSL. The ISA server acts as a proxy and sends the connection to Server 1 on port 7777. Server 1 is neither reachable nor visible to Client A. The second leg (ISA to Server 1) doesn't use any certificate, nor is it encrypted.
2nd scenario:
Client A----------------> ISA Server-------------------> Server 2 port 8888
Client A opens a connection with the ISA server on port 4000 using a TCP socket plus certificate. The ISA server acts as a proxy and sends the connection to Server 2 on port 8888. Server 2 is neither reachable nor visible to Client A. The second leg (ISA to Server 2) doesn't use any certificate, nor is it encrypted.
The question is, can it be accomplished using ISA Server? Do we have any limitations regarding port numbers with ISA Server? What we have heard so far is:
a) ISA is not capable of handling connections on ports over 1023. Is that right?
b) ISA can only handle HTTP connections. ???
Thank you all for your help. Hbora
< Message edited by hbora8 -- 13.Jun.2007 4:07:20 PM >
You think about ISA server in terms of traditional "hardware" firewalls. That is the main problem. Try to explain the situation in terms of business needs. That way it would be much easier to suggest something to you.
Personally, I do not understand the difference between your scenarios. Are there two servers with different apps? Are your Servers 1/2 on the LAN side of the ISA server, while Client A is on the Internet?
If so, the ISA server could easily handle this task via web publishing. And yes, the ISA server sure could process any requests, not only HTTP. The ISA server does support HTTPS-to-HTTP as well as HTTPS-to-HTTPS bridging scenarios, both on standard and on manually configured arbitrary ports.
The client is on the Internet and I have 2 different servers inside my network. In one case the client talks HTTP with one server, and in the second case the client opens a TCP socket and talks with another server.
The scenario where the application talks HTTP is working now, but we are facing problems making it work when the application opens a TCP socket. Any suggestion on that?